CVE-2025-12946
HIGHDescription
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.
Is your site exposed to CVE-2025-12946?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| netgear | rs700_firmware |
| netgear | rs700 |
| netgear | rax54sv2_firmware |
| netgear | rax54sv2 |
| netgear | rax45v2_firmware |
| netgear | rax45v2 |
| netgear | rax41v2_firmware |
| netgear | rax41v2 |
| netgear | rax50_firmware |
| netgear | rax50 |
| netgear | raxe500_firmware |
| netgear | raxe500 |
| netgear | rax41_firmware |
| netgear | rax41 |
| netgear | rax43_firmware |
| netgear | rax43 |
| netgear | rax35v2_firmware |
| netgear | rax35v2 |
| netgear | raxe450_firmware |
| netgear | raxe450 |
| netgear | rax43v2_firmware |
| netgear | rax43v2 |
| netgear | rax42_firmware |
| netgear | rax42 |
| netgear | rax45_firmware |
| netgear | rax45 |
| netgear | rax50v2_firmware |
| netgear | rax50v2 |
| netgear | mr90_firmware |
| netgear | mr90 |
| netgear | ms90_firmware |
| netgear | ms90 |
| netgear | rax42v2_firmware |
| netgear | rax42v2 |
| netgear | rax49s_firmware |
| netgear | rax49s |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-12946? +
How severe is CVE-2025-12946? +
What products are affected by CVE-2025-12946? +
How do I check if I'm vulnerable to CVE-2025-12946? +
Related Vulnerabilities
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is …
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in …
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured …
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may …
A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management …
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` …