CVE-2025-50526
Published: 23 December 2025
Description
Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
Mitigating Controls (NIST 800-53 r5) (AI)
- Directly prevents command injection in the switch_status function by validating and sanitizing untrusted inputs against expected formats.
- Remediates the specific command injection flaw in Netgear EX8000 firmware V1.0.0.126 through timely identification, testing, and application of patches.
- Enforces access control policies to block unauthenticated remote access to the vulnerable switch_status function.
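The first control above, shown as an added example that is not Netgear's code and not taken from the record: the page says nothing about what switch_status actually receives, so the handler name, the single "on"/"off" token, and the /sbin/switchctl helper path are assumptions chosen to illustrate the input-validation control beside the pattern it prevents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical shape of the handler's input: the record gives no detail on what
 * switch_status receives, so this assumes one token such as "on" or "off".
 * None of this is Netgear's code; helper paths are placeholders. */

/* Vulnerable pattern, for contrast only: the untrusted value is spliced into a
 * shell command line, so any shell metacharacter in it changes what runs. */
void switch_status_unsafe(const char *state) {
    char cmd[128];
    snprintf(cmd, sizeof cmd, "/sbin/switchctl %s", state);  /* placeholder helper */
    system(cmd);  /* /bin/sh parses the whole string, not just the expected token */
}

/* Input validation control: exact-match allowlist. Returns 1 only for the
 * values the handler expects; anything else is rejected, not "cleaned up". */
int switch_status_valid(const char *state) {
    static const char *const allowed[] = { "on", "off" };
    if (state == NULL) return 0;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(state, allowed[i]) == 0) return 1;
    return 0;
}

/* Hardened handler: refuse anything off the allowlist, then run the helper
 * through execv() with a fixed argv so no shell ever parses the value.
 * Returns the helper's exit status, or -1 when the input was rejected. */
int switch_status_safe(const char *state) {
    if (!switch_status_valid(state)) return -1;     /* log and refuse */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* /bin/true stands in for the real helper so the example runs anywhere */
        char *const argv[] = { (char *)"/bin/true", (char *)state, NULL };
        execv(argv[0], argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The second and third controls are operational (patching, access control) and are not shown here; the allowlist plus argv-based execution is what makes the handler itself immune to the injected-metacharacter class regardless of who reaches it.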
Security Summary (AI)
CVE-2025-50526 is a command injection vulnerability affecting the Netgear EX8000 router on firmware version V1.0.0.126. The issue resides in the switch_status function and is classified as CWE-77: Command Injection. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts across confidentiality, integrity, and availability.
The vulnerability can be exploited by unauthenticated remote attackers with network access, requiring low complexity and no user interaction. Exploitation enables arbitrary command injection, allowing attackers to achieve remote code execution and potentially full compromise of the device, including data theft, modification, or denial of service.
Proof-of-concept materials, including a PDF analysis and MP4 demonstration, are available via GitHub repositories at https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/cve-netgear_EX8000_CI_switch_status.pdf and https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/netgear_EX8000_CI_switch_status.mp4. No official advisories or patch details from Netgear are referenced in the available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Unauthenticated remote command injection in a router management function enables exploitation of a public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004), yielding remote code execution.