CVE-2025-5495

| EUVD-2025-16726 HIGH
2025-06-03 [email protected]
7.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2025-16726
PoC Detected
Aug 11, 2025 - 18:48 vuln.today
Public exploit code
CVE Published
Jun 03, 2025 - 13:15 nvd
HIGH 7.3

Tags

Authentication Bypass Netgear Path Traversal Wnr614 Firmware

Description

A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.

Analysis

Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions.

Technical Context

The vulnerability exploits improper input validation in the URL handler component of the Netgear WNR614 web-based management interface. The null-byte (%00) injection technique bypasses authentication checks by truncating the URL path during processing—a classic path traversal/authentication bypass pattern (CWE-287: Improper Authentication). The affected endpoint currentsetting.htm likely contains sensitive router configuration data including network settings, credentials, and system parameters. CPE identifier: cpe:2.7:o:netgear:wnr614_firmware:1.1.0.28_1.0.1ww:*:*:*:*:*:*:*. The root cause stems from inadequate validation of user-supplied input before authentication middleware processes the request, allowing the null byte to short-circuit authentication checks or cause path confusion in the web server stack.

Affected Products

WNR614 (['1.1.0.28_1.0.1WW'])

Remediation

Firmware Patch: Check Netgear support site (https://www.netgear.com/support/) for WNR614 firmware updates. Manually enter your device's serial number or model to verify latest available firmware version beyond 1.1.0.28_1.0.1WW. Deploy firmware update via device admin interface (Administration > Firmware Upgrade).; priority: Critical Network Isolation Mitigation: Restrict access to router web interface (default ports 80/443) via firewall rules. Disable remote management if enabled (Administration > Remote Management). Isolate WNR614 management traffic to trusted administrative networks only. Implement IP whitelisting if firewall supports it.; priority: High Credential Hardening: Change default admin credentials immediately (default: admin/password). Use strong, unique credentials for web interface access. This does not mitigate the vulnerability but raises attacker friction.; priority: Medium Device Replacement: If no patched firmware is available, consider replacing WNR614 with current-generation Netgear router models receiving active security support (e.g., WAX200 series or newer).; priority: Medium-Long term

Priority Score

57
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +36
POC: +20

Share

CVE-2025-5495 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy