R6260 Firmware
CVE-2025-12942
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber
Lifecycle Timeline
2DescriptionCVE.org
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
AnalysisAI
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.1.0.86; R6850: through 1.1.0.86. Affected products include: Netgear R6260 Firmware, Netgear R6850 Firmware. Version information: through 1.1.0.86.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in R6260 Firmware
View allCertain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the L
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today