Cyber Posture

CVE-2025-28219

CriticalRCE

Published: 28 March 2025

Published
28 March 2025
Modified
02 May 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1170 93.7th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-28219 is a critical-severity OS Command Injection (CWE-78) vulnerability in Netgear Dc112A Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents OS command injection by requiring validation and sanitization of untrusted inputs like the deviceName parameter in usb_adv.cgi.

SI-2 Flaw Remediation good match
prevent

Addresses the vulnerability by identifying, prioritizing, and remediating the input validation flaw in Netgear DC112A firmware V1.0.0.64.

SC-7 Boundary Protection partial match
preventdetect

Boundary protection with web application firewalls monitors and blocks malicious POST requests containing command injection payloads to usb_adv.cgi.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in public-facing usb_adv.cgi enables remote unauthenticated exploitation of the web application (T1190) and direct execution of arbitrary Unix shell commands (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.

Deeper analysisAI

CVE-2025-28219 is an OS command injection vulnerability (CWE-78) in the Netgear DC112A device running firmware version V1.0.0.64. The issue affects the usb_adv.cgi component, where the "deviceName" parameter passed to a binary via a POST request lacks proper input validation, allowing remote attackers to inject and execute arbitrary operating system commands.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability. Unauthenticated remote attackers can exploit it to gain full control over the device by crafting malicious POST requests to usb_adv.cgi.

A technical analysis of the vulnerability is documented in a PDF available at https://github.com/IdaJea/IOT_vuln_1/blob/master/DC112A_V1.0.0.64/sub_69600.pdf. No official advisories or patches are referenced in the provided information.

Details

CWE(s)
CWE-78

Affected Products

netgear
dc112a firmware
1.0.0.64

CVEs Like This One

CVE-2024-54803Same vendor: Netgear
CVE-2024-54804Same vendor: Netgear
CVE-2024-54808Same vendor: Netgear
CVE-2024-54805Same vendor: Netgear
CVE-2025-50526Same vendor: Netgear
CVE-2024-54802Same vendor: Netgear
CVE-2024-54806Same vendor: Netgear
CVE-2024-54807Same vendor: Netgear
CVE-2025-7407Same vendor: Netgear
CVE-2026-25070Shared CWE-78

References