CVE-2025-12942
Essential information
- Published
- 11/11/2025 17:15
- Modified
- 08/12/2025 14:26
- Author
- —
- Creator
- —
- CVSS
- 4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- ADJACENT
- Attack complexity
- HIGH
- Attack requirements
- PRESENT
- Privileges required
- LOW
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- HIGH
- Availability (S)
- NONE
- Exploit maturity
- UNREPORTED
Description
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- a2826606-91e7-4eb6-899e-8484bd4575d5
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| netgear / r6260 firmware | cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:* |
| netgear / r6260 | cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:* |
| netgear / r6850 firmware | cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:* |
| netgear / r6850 | cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:* |