Login Sign Up

CVE-2025-12944

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers with direct network access to the NETGEAR DGN2200v4 router to potentially execute arbitrary code on the device due to improper input validation. It affects users of this specific router model who have not updated to the patched firmware version. Attackers could gain full control of the router if successfully exploited.

💻 Affected Systems

Products:
  • NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router)
Versions: All firmware versions before 1.0.0.132
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires direct network access to the router's management interface. Default configuration exposes web management interface.

📦 What is this software?

Dgn2200 Firmware by Netgear

View all CVEs affecting Dgn2200 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept/modify all network traffic, install persistent malware, pivot to internal network devices, or brick the device.

🟠

Likely Case

Router compromise leading to network traffic interception, DNS hijacking, credential theft, or use as a botnet node.

🟢

If Mitigated

Limited impact if router is behind additional firewalls, has restricted management interfaces, and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory states attackers need direct network access but doesn't specify authentication requirements. Input validation flaws often lead to unauthenticated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0.132 or later

Vendor Advisory: https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025

Restart Required: Yes

Instructions:

1. Log into router web interface. 2. Navigate to Advanced > Administration > Router Update. 3. Click 'Check' for updates. 4. If update available, click 'Yes' to install. 5. Wait for router to reboot automatically.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit which devices can access the router's management interface

Disable Remote Management

all

Turn off web-based management from WAN interface

🧯 If You Can't Patch

  • Replace the router with a supported model
  • Place router behind a firewall with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check current firmware version in router web interface under Advanced > Administration > Router Status

Check Version:

Not applicable - use web interface

Verify Fix Applied:

Verify firmware version shows 1.0.0.132 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual login attempts to router management interface
  • Multiple failed input validation attempts
  • Unexpected configuration changes

Network Indicators:

  • Unusual traffic patterns from router to external IPs
  • DNS queries to suspicious domains from router
  • Port scanning originating from router

SIEM Query:

Not provided in advisory

📊 Metadata

CVE ID: CVE-2025-12944
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-20
EPSS Score: 0.05% exploit probability (15.3th percentile)
Published: November 11, 2025
Last Updated: December 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12944, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)