QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-12946

Back to search

CVE-2025-12946

Published: Dec 9, 2025

Modified: Feb 26, 2026

PUBLISHED

Description

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

VendorProductVersions

NETGEAR

RS700

affected
0 - <= 1.0.7.82

NETGEAR

RAX54Sv2

affected
0 - < V1.1.6.36

NETGEAR

RAX41v2

affected
0 - < V1.1.6.36

NETGEAR

RAX50

affected
0 - < V1.2.14.114

NETGEAR

RAXE500

affected
0 - < V1.2.14.114

NETGEAR

RAX41

affected
0 - < V1.0.17.142

NETGEAR

RAX43

affected
0 - < V1.0.17.142

NETGEAR

RAX35v2

affected
0 - < V1.0.17.142

NETGEAR

RAXE450

affected
0 - < V1.2.14.114

NETGEAR

RAX43v2

affected
0 - < V1.1.6.36

NETGEAR

RAX42

affected
0 - < V1.0.17.142

NETGEAR

RAX45

affected
0 - < V1.0.17.142

NETGEAR

RAX50v2

affected
0 - < V1.1.6.36

NETGEAR

MR90

affected
0 - < V1.0.2.46

NETGEAR

RAX42v2

affected
0 - < V1.1.6.36

NETGEAR

RAX49S

affected
0 - < V1.1.6.36

NETGEAR

MS90

affected
0 - < V1.0.2.46

Weaknesses (CWE)

CWE-20

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now