CVE-2025-12946

UNKNOWN 0.0

Improper input validation in NETGEAR Nighthawk routers

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

CWE	CWE-20
Vendor	netgear
Product	rs700
Published	Dec 9, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for netgear rs700

Be the first to know when new unknown vulnerabilities affecting netgear rs700 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NETGEAR / RS700

0 ≤ 1.0.7.82

NETGEAR / RAX54Sv2

0 < V1.1.6.36

NETGEAR / RAX41v2

0 < V1.1.6.36

NETGEAR / RAX50

0 < V1.2.14.114

NETGEAR / RAXE500

0 < V1.2.14.114

NETGEAR / RAX41

0 < V1.0.17.142

NETGEAR / RAX43

0 < V1.0.17.142

NETGEAR / RAX35v2

0 < V1.0.17.142

NETGEAR / RAXE450

0 < V1.2.14.114

NETGEAR / RAX43v2

0 < V1.1.6.36

NETGEAR / RAX42

0 < V1.0.17.142

NETGEAR / RAX45

0 < V1.0.17.142

NETGEAR / RAX50v2

0 < V1.1.6.36

NETGEAR / MR90

0 < V1.0.2.46

NETGEAR / RAX42v2

0 < V1.1.6.36

NETGEAR / RAX49S

0 < V1.1.6.36

NETGEAR / MS90

0 < V1.0.2.46

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

molybdenum