CVE-2025-12942 MEDIUM

CVE-2025-12942: Improper input validation in NETGEAR R6260 and R6850

Vendor Netgear

Product R6260

Weakness CWE-20 · Input validation

Published November 11, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Adjacent

Attack complexity High

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:L/U:Amber

What the vulnerability does

01Description

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

Key dates

02Disclosure timeline

November 11, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12942

Related vulnerabilities

Identifiers

CVE CVE-2025-12942

CWE CWE-20

CVSS 4.8 / MEDIUM

Affected versions

Vendor Netgear

Product R6260

Affected ≤ 1.1.0.86

Vendor Netgear

Product R6850

Affected ≤ 1.1.0.86

CVE-2025-12942: Improper input validation in NETGEAR R6260 and R6850

01Description

02Disclosure timeline

03References

04Related CVE