Home

Description

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

PUBLISHED Reserved 2025-11-10 | Published 2025-11-11 | Updated 2025-11-13 | Assigner NETGEAR




MEDIUM: 4.8CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:L/U:Amber

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Credits

dcmtruman finder

References

www.netgear.com/support/product/r6850 product patch

www.netgear.com/support/product/r6260 patch product

kb.netgear.com/.../NETGEAR-Security-Advisories-November-2025 vendor-advisory

cve.org (CVE-2025-12942)

nvd.nist.gov (CVE-2025-12942)

Download JSON