CVE-2025-28219

Critical CVSS: 9.8

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.

Vendor

Netgear

Product

Dc112a Firmware

CWE

CWE-78

Yayın Tarihi

2025-03-28 14:15:20

Güncelleme

2025-05-02 15:41:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-78 Dc112a Firmware CRITICAL Netgear 2025

Referanslar

https://github.com/IdaJea/IOT_vuln_1/blob/master/DC112A_V1.0.0.64/sub_69600.pdf

Benzer Kayıtlar

High

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce…

High

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the L…

Medium

CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the…

Low

CVE-2026-0403

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN t…

Medium

CVE-2026-0404

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent at…

Medium

CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access th…