CVE-2025-5146 | Netcore NBR200V2 up to 20250508 HTTP Header /usr/bin/routerd passwd_set pwd command injection

Inserito da Angelo Barbosa | Mag 24, 2025 | CVE

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argument pwd leads to command injection.

This vulnerability was named CVE-2025-5146. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-5146 | Netcore NBR200V2 up to 20250508 HTTP Header /usr/bin/routerd passwd_set pwd command injection

Post correlati

CVE-2024-56947 | Xiamen Meitu Technology BeautyCam 12.3.60 on iOS Link information disclosure

CVE-2024-9269 | Relogo Plugin up to 0.4.2 on WordPress SVG File Upload cross site scripting

CVE-2024-7878 | WP ULike Plugin up to 4.7.3 on WordPress Setting cross site scripting

CVE-2025-4432 | ring AES new_mask denial of service