216.73.217.22

CVE-2025-5145

· Published 25/05/2025 06:15 · Modified 25/05/2025 06:15

Labels: CVE-2025-5145 2025-05-25CVE-2025-5145CWE-74[email protected]

Essential information

Published
25/05/2025 06:15
Modified
25/05/2025 06:15
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
netcore / nbr1005gpev2 cpe:2.3:a:netcore:nbr1005gpev2:*:*:*:*:*:*:*:*
netcore / b6v2 cpe:2.3:a:netcore:b6v2:*:*:*:*:*:*:*:*
netcore / cover5 cpe:2.3:a:netcore:cover5:*:*:*:*:*:*:*:*
netcore / nap830 cpe:2.3:a:netcore:nap830:*:*:*:*:*:*:*:*
netcore / nap930 cpe:2.3:a:netcore:nap930:*:*:*:*:*:*:*:*
netcore / nbr100v2 cpe:2.3:a:netcore:nbr100v2:*:*:*:*:*:*:*:*
netcore / nbr200v2 cpe:2.3:a:netcore:nbr200v2:*:*:*:*:*:*:*:*
netcore / power13 cpe:2.3:a:netcore:power13:*:*:*:*:*:*:*:*

References