CVE-2025-45493

MEDIUM

Netgear EX8000 Firmware V1.0.0.126 - Command Injection via iface Parameter in action_bandwidth Function

Title source: llm

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

Core 2

Core References

Broken Link

Broken Link

CVSS v3 6.5

EPSS 0.0078

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

CWE

CWE-77

Status published

Products (1)

netgear/ex8000_firmware 1.0.0.126

Published Dec 23, 2025

Tracked Since Feb 18, 2026