ID
CVE
TITLE
of netgear WNR614 Authentication vulnerability in firmware
sources:
JVNDB: JVNDB-2025-007886
DESCRIPTION
A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. of netgear WNR614 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
sources:
NVD: CVE-2025-5495 //
JVNDB: JVNDB-2025-007886
AFFECTED PRODUCTS
| vendor: | netgear | model: | wnr614 | scope: | eq | version: | 1.1.0.28_1.0.1ww | |
| vendor: | ネットギア | model: | wnr614 | scope: | - | version: | - | |
| vendor: | ネットギア | model: | wnr614 | scope: | eq | version: | - | |
| vendor: | ネットギア | model: | wnr614 | scope: | eq | version: | wnr614 firmware 1.1.0.28 1.0.1ww | |
sources:
JVNDB: JVNDB-2025-007886 //
NVD: CVE-2025-5495
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2025-5495 | |
|
| value: | MEDIUM | | | nvd@nist.gov: | CVE-2025-5495 | |
|
| value: | CRITICAL | | | OTHER: | JVNDB-2025-007886 | |
|
| value: | CRITICAL | |
| | cna@vuldb.com: | CVE-2025-5495 | |
|
| severity: | HIGH | | baseScore: | 7.5 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 10.0 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2025-007886 | |
|
| severity: | HIGH | | baseScore: | 7.5 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2025-5495 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.3 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 3.9 | | impactScore: | 3.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2025-5495 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 3.9 | | impactScore: | 5.9 | | version: | 3.1 | | | NVD: | JVNDB-2025-007886 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2025-007886 //
NVD: CVE-2025-5495 //
NVD: CVE-2025-5495
PROBLEMTYPE DATA
| problemtype: | CWE-287 | |
| problemtype: | Inappropriate authentication (CWE-287) [ others ] | |
sources:
JVNDB: JVNDB-2025-007886 //
NVD: CVE-2025-5495
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-5495 | |
| db: | VULDB | id: | 310911 | |
| db: | JVNDB | id: | JVNDB-2025-007886 | |
sources:
JVNDB: JVNDB-2025-007886 //
NVD: CVE-2025-5495
REFERENCES
| url: | https://github.com/shuanunio/cve_requests/blob/main/netgear/wnr614/acl%20bypass%20vulnerability%20in%20netgear%20wnr614.md | |
| url: | https://vuldb.com/?id.310911 | |
| url: | https://vuldb.com/?submit.584939 | |
| url: | https://www.netgear.com/ | |
| url: | https://vuldb.com/?ctiid.310911 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-5495 | |
sources:
JVNDB: JVNDB-2025-007886 //
NVD: CVE-2025-5495
SOURCES
| db: | JVNDB | id: | JVNDB-2025-007886 |
| db: | NVD | id: | CVE-2025-5495 |
LAST UPDATE DATE
2025-07-04T23:46:31.670000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-007886 | date: | 2025-07-03T06:31:00 |
| db: | NVD | id: | CVE-2025-5495 | date: | 2025-07-02T14:24:27.397 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-007886 | date: | 2025-07-03T00:00:00 |
| db: | NVD | id: | CVE-2025-5495 | date: | 2025-06-03T13:15:21.123 |
