Ex8000 Firmware
CVE-2025-45492
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
AnalysisAI
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Affected products include: Netgear Ex8000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
More in Ex8000 Firmware
View allCertain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. Rated critical sev
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R780
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R780
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.0), this
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today