CVE-2025-5147 | Netcore NBR1005GPEV2/NBR200V2/B6V2 up to 20250508 /usr/bin/network_tools tools_ping url command injection

Inserito da Angelo Barbosa | Mag 24, 2025 | CVE

A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection.

The identification of this vulnerability is CVE-2025-5147. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-5147 | Netcore NBR1005GPEV2/NBR200V2/B6V2 up to 20250508 /usr/bin/network_tools tools_ping url command injection

Post correlati

CVE-2024-1898 | Devolutions Server up to 2023.3.14.0 Notification access control (DEVO-2024-0002)

CVE-2024-44844 | DrayTek Vigor3900 1.5.1.6 run_command name command injection

CVE-2024-39701 | Directus up to 10.5.x _in/_nin access control (GHSA-hxgm-ghmv-xjjm)

CVE-2024-0624 | Paid Memberships Pro Plugin up to 2.12.7 on WordPress Level Orders Update cross-site request forgery