CVE-2025-4010 HIGH

CVE-2025-4010: Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

Vendor: Netcomm
Product: NTC 6200
Weakness: CWE-77
Published: June 2, 2025
Last update: June 2, 2025

CVSS base score

8.6/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The Netcom NTC 6200 and NWL 222 series expose a web interface that operators use to configure and set up the devices. Multiple endpoints of this web interface are vulnerable to arbitrary command injection, and the devices use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.

Key dates

02 Disclosure timeline

June 2, 2025: CVE published
June 2, 2025: Record updated