
Description

NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.

PUBLISHED Reserved 2025-02-05 | Published 2025-02-05 | Updated 2025-02-12 | Assigner mitre




HIGH: 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected
Any version before 1.0.0.74: affected

Default status: unaffected
Any version before 1.1.0.22: affected

Default status: unaffected
Any version before 2.3.2.134: affected

References

kb.netgear.com/...ted-RCE-on-Some-WiFi-Routers-PSV-2023-0039

cve.org (CVE-2025-25246)

nvd.nist.gov (CVE-2025-25246)
