Details of VAR-202512-0788

ID

VAR-202512-0788

CVE

CVE-2025-12945

TITLE

of netgear R7000P Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-024880

DESCRIPTION

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. OS There is a vulnerability that allows command injection. R7000P version of 1.3.3.154 It will affect up to.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-12945 // JVNDB: JVNDB-2025-024880

AFFECTED PRODUCTS

vendor:	netgear	model:	r7000p	scope:	lte	version:	1.3.3.154	Trust: 1.0
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	lte	version:	r7000p firmware 1.3.3.154 and earlier	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-024880 // NVD: CVE-2025-12945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-12945
value:	HIGH
Trust: 1.0
a2826606-91e7-4eb6-899e-8484bd4575d5:	CVE-2025-12945
value:	LOW
Trust: 1.0
NVD:	CVE-2025-12945
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-12945
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-12945
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-024880 // NVD: CVE-2025-12945 // NVD: CVE-2025-12945

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-024880 // NVD: CVE-2025-12945

PATCH

title:

December 2025 NETGEAR Security Advisory - NETGEAR Support

url:

https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory

Trust: 0.8

sources: JVNDB: JVNDB-2025-024880

EXTERNAL IDS

db:	NVD	id:	CVE-2025-12945	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-024880	Trust: 0.8

sources: JVNDB: JVNDB-2025-024880 // NVD: CVE-2025-12945

REFERENCES

url:	https://www.netgear.com/support/product/r7000p	Trust: 1.8
url:	https://kb.netgear.com/000070416/december-2025-netgear-security-advisory	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-12945	Trust: 0.8

sources: JVNDB: JVNDB-2025-024880 // NVD: CVE-2025-12945

SOURCES

db:	JVNDB	id:	JVNDB-2025-024880
db:	NVD	id:	CVE-2025-12945

LAST UPDATE DATE

2026-01-21T23:46:39.526000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-024880	date:	2026-01-19T10:35:00
db:	NVD	id:	CVE-2025-12945	date:	2026-01-16T21:07:14.730

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-024880	date:	2026-01-19T00:00:00
db:	NVD	id:	CVE-2025-12945	date:	2025-12-09T17:15:48.647