CVE-2025-48890

| EUVD-2025-18996 CRITICAL
2025-06-24 [email protected]
9.8
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-18996
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
CVE Published
Jun 24, 2025 - 05:15 nvd
CRITICAL 9.8

Tags

Command Injection RCE IoT Netgear

Description

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

Analysis

CVE-2025-48890 is a critical OS command injection vulnerability in the miniigd SOAP service affecting WRH-733GBK and WRH-733GWH network storage devices. Remote unauthenticated attackers can execute arbitrary OS commands by sending specially crafted requests, achieving complete system compromise (CVSS 9.8). With an attack vector of Network/Low complexity/No privileges required, this vulnerability poses immediate risk to exposed devices.

Technical Context

The vulnerability exists in the miniigd SOAP service, which handles UPnP/SOAP protocol requests for device management and control. The root cause is CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), indicating insufficient input validation and sanitization of user-supplied data before passing it to OS command execution functions (likely system(), exec(), or equivalent). The SOAP service likely processes XML requests containing parameters that are directly interpolated into shell commands without proper escaping or parameterization. Affected products are WRH-733GBK (black) and WRH-733GWH (white) variants, which are consumer/prosumer NAS devices. The miniigd daemon typically runs with elevated privileges, amplifying the impact of command injection to full system compromise.

Affected Products

WRH-733GBK (black variant) and WRH-733GWH (white variant) network storage devices. CPE data would identify these as: cpe:2.3:h:vendor:wrh-733gbk:*:*:*:*:*:*:*:* and cpe:2.3:h:vendor:wrh-733gwh:*:*:*:*:*:*:*:* (vendor name to be confirmed from advisory). All firmware versions of these models are likely vulnerable unless specifically patched. Exact affected firmware versions and hardware revisions should be cross-referenced with the vendor's security advisory. Devices running miniigd SOAP service versions prior to a specific patch threshold are in scope.

Remediation

Immediate remediation steps: (1) Apply firmware patches released by the vendor for WRH-733GBK and WRH-733GWH—check vendor advisory for specific patched firmware versions; (2) If patches are unavailable, disable or restrict network access to the miniigd SOAP service port (typically UDP 1900, TCP 49152-49161) using firewall rules, allowing only trusted administrative networks; (3) Implement network segmentation to isolate NAS devices from untrusted networks; (4) Monitor device logs for suspicious SOAP requests or command injection patterns; (5) If exploitation is suspected, immediately isolate the device and audit for unauthorized access or data exfiltration; (6) Update to latest firmware as soon as vendor releases patched versions. Vendor advisory links and patch download URLs should be obtained directly from the manufacturer's security page or product support portal.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +49
POC: 0

Share

CVE-2025-48890 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy