Description

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection attacks. To exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports.

PUBLISHED Reserved 2025-08-12 | Published 2025-11-27 | Updated 2025-11-27 | Assigner CERT-PL




CRITICAL: 9.3
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Any version before 7.1.12.2.44: affected

Credits

Grzegorz Bronka (Securitum.pl) finder

References

cert.pl/en/posts/2025/11/CVE-2025-8890 third-party-advisory

cve.org (CVE-2025-8890)

nvd.nist.gov (CVE-2025-8890)
