CVE-2025-64444
📋 TL;DR
This OS command injection vulnerability in NCP-HG100 network devices allows authenticated attackers to execute arbitrary commands with root privileges. Attackers who have obtained login credentials can exploit this to take full control of affected devices. This affects NCP-HG100 version 1.4.48.16 and earlier.
💻 Affected Systems
- NCP-HG100
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing attackers to install persistent backdoors, pivot to internal networks, exfiltrate data, or use the device as an attack platform.
Likely Case
Attackers with stolen credentials execute commands to gain persistent access, modify configurations, or deploy malware.
If Mitigated
With proper network segmentation and credential protection, impact is limited to isolated device compromise.
🎯 Exploit Status
Exploitation requires authentication but command injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.48.17 or later
Vendor Advisory: https://support.sonynetwork.co.jp/faqsupport/manoma/web/knowledge11157.html
Restart Required: Yes
Instructions:
1. Download firmware update from vendor site.
2. Log into management interface.
3. Navigate to firmware update section.
4. Upload and apply new firmware.
5. Reboot device.
🔧 Temporary Workarounds
Network Segmentation
Isolate NCP-HG100 devices from internet and restrict access to management interface.
Credential Hardening
Implement strong unique passwords and enable multi-factor authentication if supported.
🧯 If You Can't Patch
- Remove internet-facing access to management interface immediately
- Implement strict network ACLs allowing only trusted IPs to access management interface
🔍 How to Verify
Check if Vulnerable:
Check firmware version in device management interface under System Information.
Check Version:
Log in to the web interface and check System > Firmware Version
Verify Fix Applied:
Confirm firmware version is 1.4.48.17 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed login attempts followed by successful login
Network Indicators:
- Unusual outbound connections from device
- Suspicious payloads in HTTP requests to management interface
SIEM Query:
source="ncp-hg100-logs" AND (event="command_execution" OR event="system_call")