CVE-2025-12946

7.5 HIGH

📋 TL;DR

This vulnerability in NETGEAR Nighthawk routers allows attackers on the WAN side to execute commands by manipulating DNS responses during speedtests. It affects multiple router models when running vulnerable firmware versions. Attackers can exploit this using man-in-the-middle techniques.

💻 Affected Systems

Products:
  • RS700
  • RAX54Sv2
  • RAX41v2
  • RAX50
  • RAXE500
  • RAX41
  • RAX43
  • RAX35v2
  • RAXE450
  • RAX43v2
  • RAX42
  • RAX45
  • RAX50v2
  • MR90
  • MS90
  • RAX42v2
  • RAX49S
Versions: See advisory for specific version ranges per model
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affected routers running vulnerable firmware are exposed in their default configuration when the speedtest feature is enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution on the router, allowing attackers to take full control, intercept traffic, modify configurations, or pivot to internal networks.

🟠 Likely Case

Attackers execute limited commands to disrupt router functionality, modify DNS settings, or deploy malware on the router.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to router compromise without lateral movement to internal systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires a man-in-the-middle position on the WAN side and a user to run a speedtest. No authentication is needed for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by model - see NETGEAR advisory for specific fixed versions

Vendor Advisory: https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory

Restart Required: Yes

Instructions:

1. Log in to the router admin interface.
2. Navigate to the firmware update section.
3. Check for updates.
4. Download and install the latest firmware.
5. Reboot the router after the update.

🔧 Temporary Workarounds

Disable Speedtest Feature

all

Temporarily disable the speedtest functionality to prevent exploitation.

Use VPN for Speedtests

all

Route speedtest traffic through a VPN to prevent DNS manipulation.

🧯 If You Can't Patch

  • Segment router from internal network using VLANs or separate physical network
  • Monitor for unusual DNS traffic or speedtest activity from WAN side

🔍 How to Verify

Check if Vulnerable:

Check router firmware version against affected versions in NETGEAR advisory.

Check Version:

Log into router admin interface and check firmware version in settings.

Verify Fix Applied:

Verify firmware version matches or exceeds fixed version listed in advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual speedtest activity
  • DNS response manipulation attempts
  • Unexpected command execution in router logs

Network Indicators:

  • DNS traffic anomalies during speedtests
  • Unusual outbound connections from router

SIEM Query:

Search for speedtest-related events followed by command execution or DNS anomalies.
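One way to express that correlation, as an added example that is not taken from the NETGEAR advisory or from this page's source. The event schema, the hostname `speedtest.example.net`, the baseline answers and the 120-second window are all assumptions; map your own router syslog and DNS sensor fields onto them.

```python
import json
from datetime import datetime, timedelta

# Assumption: how long after a speedtest start an event still counts as related.
WINDOW = timedelta(seconds=120)

# Constructed, already-normalized events (JSON lines). Field names and values
# are hypothetical; real router and DNS logs must be parsed into this shape.
SAMPLE = """\
{"ts":"2025-12-10T09:00:00","type":"speedtest_start"}
{"ts":"2025-12-10T09:00:01","type":"dns_answer","qname":"speedtest.example.net","answer":"198.51.100.20"}
{"ts":"2025-12-10T14:30:00","type":"speedtest_start"}
{"ts":"2025-12-10T14:30:01","type":"dns_answer","qname":"speedtest.example.net","answer":"203.0.113.66"}
{"ts":"2025-12-10T14:30:05","type":"process_exec","cmd":"<unexpected command>"}
{"ts":"2025-12-10T18:00:00","type":"process_exec","cmd":"<scheduled task>"}
"""

# Assumption: answers previously observed for speedtest-related names.
BASELINE = {"speedtest.example.net": {"198.51.100.20", "198.51.100.21"}}


def correlate(lines, baseline=BASELINE, window=WINDOW):
    """Alert on DNS answers outside the baseline, or command execution,
    seen within `window` after a speedtest start."""
    events = sorted((json.loads(l) for l in lines.splitlines() if l.strip()),
                    key=lambda e: e["ts"])  # ISO timestamps sort lexically
    alerts, last_start = [], None
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "speedtest_start":
            last_start = ts
            continue
        if last_start is None or ts - last_start > window:
            continue  # not close enough to a speedtest to correlate
        if e["type"] == "dns_answer":
            known = baseline.get(e["qname"])
            if known is not None and e["answer"] not in known:
                alerts.append(("dns_answer_outside_baseline", e["ts"], e["answer"]))
        elif e["type"] == "process_exec":
            alerts.append(("exec_after_speedtest", e["ts"], e["cmd"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

Speedtest providers rotate addresses, so a baseline miss is a lead to investigate rather than proof of tampering; the stronger signal is a baseline miss and command execution in the same window.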
