Which versions of Netgear are affected by CVE-2025-7407?

CVE-2025-7407 presents moderate security risk, a command injection vulnerability rated CVSS 6.3. Exploitation could allow attackers to execute code or inject malicious input.

Is there a public PoC exploit available for CVE-2025-7407?

Yes, a public proof-of-concept exploit is available for CVE-2025-7407. Prioritise patching immediately. EPSS: 0.8%.

How to fix or mitigate CVE-2025-7407?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Netgear CVE-2025-7407

Q: What is the CVSS score of CVE-2025-7407?

CVE-2025-7407 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2025-20999 LOW

Command Injection (CWE-77)

2025-07-10 cna@vuldb.com

Command Injection Netgear

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-20999

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

PoC Detected

Jul 16, 2025 - 16:41 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 14:15 nvd

MEDIUM 6.3

DescriptionNVD

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

CVE-2025-7407 vulnerability details – vuln.today

Back

Netgear CVE-2025-7407

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Share

External POC / Exploit Code