Sign-up

ID

VAR-202511-1472


CVE

CVE-2025-12942


DESCRIPTION

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

Trust: 1.0

sources: NVD: CVE-2025-12942

AFFECTED PRODUCTS

vendor:netgearmodel:r6260scope:ltversion:1.1.0.86

Trust: 1.0

vendor:netgearmodel:r6850scope:ltversion:1.1.0.86

Trust: 1.0

sources: NVD: CVE-2025-12942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-12942
value: HIGH

Trust: 1.0

a2826606-91e7-4eb6-899e-8484bd4575d5: CVE-2025-12942
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-12942
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-12942 // NVD: CVE-2025-12942

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2025-12942

EXTERNAL IDS

db:NVDid:CVE-2025-12942

Trust: 1.0

sources: NVD: CVE-2025-12942

REFERENCES

url:https://www.netgear.com/support/product/r6850

Trust: 1.0

url:https://kb.netgear.com/000070355/netgear-security-advisories-november-2025

Trust: 1.0

url:https://www.netgear.com/support/product/r6260

Trust: 1.0

sources: NVD: CVE-2025-12942

SOURCES

db:NVDid:CVE-2025-12942

LAST UPDATE DATE

2025-12-18T00:32:23.118000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-12942date:2025-12-08T14:26:54.563

SOURCES RELEASE DATE

db:NVDid:CVE-2025-12942date:2025-11-11T17:15:39.263