CVE-2025-28219
Published: 28 March 2025
Summary
CVE-2025-28219 is a critical-severity OS Command Injection (CWE-78) vulnerability in Netgear DC112A firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 6.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Netgear DC112A firmware version 1.0.0.64 contains an OS command injection vulnerability tracked as CVE-2025-28219 and CWE-78. The flaw resides in the usb_adv.cgi endpoint, where the deviceName parameter supplied in a POST request is passed directly to a system binary without sanitization, enabling arbitrary command execution.
Unauthenticated remote attackers can exploit the issue over the network by sending a crafted POST request. Successful exploitation grants full control over the device, allowing arbitrary command execution with impacts to confidentiality, integrity, and availability, consistent with the CVSS 9.8 rating.
The sole reference is a technical analysis PDF hosted on GitHub that documents the vulnerable code path in sub_69600; no vendor advisory or patch information is provided in the available sources. The EPSS score has remained flat at 0.1170 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8622
Vulnerability details
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
- CWE-78: OS Command Injection
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190: Exploit Public-Facing Application
- T1059.004: Command and Scripting Interpreter: Unix Shell
Why these techniques?
OS command injection in the public-facing usb_adv.cgi enables remote, unauthenticated exploitation of the web application (T1190) and direct execution of arbitrary Unix shell commands on the device (T1059.004).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents OS command injection by requiring validation and sanitization of untrusted inputs such as the deviceName parameter in usb_adv.cgi.
- SI-2 (Flaw Remediation): addresses the vulnerability by identifying, prioritizing, and remediating the input validation flaw in Netgear DC112A firmware V1.0.0.64.
- SC-7 (Boundary Protection): a web application firewall at the network boundary monitors and blocks malicious POST requests carrying command injection payloads to usb_adv.cgi.
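As an added example (not the Netgear firmware's code and not derived from the referenced analysis), the SI-10 control applied to a CGI handler of the shape this CVE describes: the deviceName value is checked against a strict allowlist and then handed to the helper binary as a single argv element through execv, so no shell ever parses it. The helper path, its argument convention and the sample values are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define DEVICE_NAME_MAX 32
/* Hypothetical helper path; not the actual firmware binary. */
#define USB_HELPER_PATH "/usr/sbin/usb_helper"

/* Allowlist check: 1..DEVICE_NAME_MAX chars from [A-Za-z0-9._-], and no
 * leading '-' so the value can never be parsed as an option by the helper. */
int valid_device_name(const char *name) {
    if (name == NULL) return 0;
    size_t len = strlen(name);
    if (len == 0 || len > DEVICE_NAME_MAX || name[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* The weak pattern behind CWE-78 is to interpolate the request parameter into
 * a command string and call system() on it. The hardened form below validates
 * first and then uses execv with a fixed argv, so shell metacharacters in the
 * input are never interpreted. Returns the helper's exit status, or -1 if the
 * name is rejected or the child cannot be spawned. */
int run_usb_helper(const char *device_name) {
    if (!valid_device_name(device_name)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { USB_HELPER_PATH, (char *)device_name, NULL };
        execv(USB_HELPER_PATH, argv);
        _exit(127);           /* exec failed; conventional "not found" status */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample parameter values, not captured traffic. */
    const char *samples[] = { "usb_disk-1", "disk;echo", "-x", "" };
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %s\n", samples[i],
               valid_device_name(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```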