NETGEAR Nighthawk Speedtest DNS-MITM (RS7001.0.7.82, RAXV1.1.6.36)
CVE-2025-12946 Published on December 9, 2025

Improper input validation in NETGEAR Nighthawk routers
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46;RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Vendor Advisory NVD

Timeline

2025-12-09

published

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2025-12946

Want to know whenever a new CVE is published for Netgear products? stack.watch will email you.

Netgear Rs700

Netgear Rax54sv2

Netgear Rax41v2

Netgear Rax50

Netgear Raxe500

Netgear Rax41

Netgear Rax43

Netgear Rax35v2

Netgear Raxe450

Netgear Rax43v2

Netgear Rax42

Netgear Rax45

Netgear Rax50v2

Netgear Mr90

Netgear Rax42v2

Netgear Rax49s

Netgear Ms90

Affected Versions

NETGEAR RS700:

Before and including 1.0.7.82 is affected.

NETGEAR RAX54Sv2:

Before V1.1.6.36 is affected.

NETGEAR RAX41v2:

Before V1.1.6.36 is affected.

NETGEAR RAX50:

Before V1.2.14.114 is affected.

NETGEAR RAXE500:

Before V1.2.14.114 is affected.

NETGEAR RAX41:

Before V1.0.17.142 is affected.

NETGEAR RAX43:

Before V1.0.17.142 is affected.

NETGEAR RAX35v2:

Before V1.0.17.142 is affected.

NETGEAR RAXE450:

Before V1.2.14.114 is affected.

NETGEAR RAX43v2:

Before V1.1.6.36 is affected.

NETGEAR RAX42:

Before V1.0.17.142 is affected.

NETGEAR RAX45:

Before V1.0.17.142 is affected.

NETGEAR RAX50v2:

Before V1.1.6.36 is affected.

NETGEAR MR90:

Before V1.0.2.46 is affected.

NETGEAR RAX42v2:

Before V1.1.6.36 is affected.

NETGEAR RAX49S:

Before V1.1.6.36 is affected.

NETGEAR MS90:

Before V1.0.2.46 is affected.

Exploit Probability

EPSS

0.08%

Percentile

22.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.