- Description
- Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later
- Source
- a2826606-91e7-4eb6-899e-8484bd4575d5
- NVD status
- Analyzed
- Products
- rax30_firmware, raxe300_firmware
CVSS 4.0
- Type
- Secondary
- Base score
- 5.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Amber
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- a2826606-91e7-4eb6-899e-8484bd4575d5
- CWE-295
- Hype score
- Not currently trending
It's here. Full video just went live. I weaponized CVE-2025-12943 on the @NETGEAR Nighthawk RAXE300, no public PoC existed so I built the entire chain from scratch. Stop sleeping on N-days. https://t.co/6QNzQ7hgG9 #cybersecurity #hacking #infosec
@JakeSwiz80263
27 Mar 2026
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I literally could not believe what I was looking at The entire firmware update system uses curl --insecure That means the router will accept ANY certificate from ANYONE. Your @NETGEAR Nighthawk RAXE300 just... trusts whatever it connects to CVE-2025-12943 // @CISAgov #CVE
@JakeSwiz80263
25 Mar 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12943 -- as of 03/25/2026, no PUBLIC proof-of-concept (PoC) exploit exists. I decided to challenge myself and change that. Okay so I pulled the old firmware and the patched firmware off Netgear's site, extracted both, loaded them into Ghidra, and started diffing them!
@JakeSwiz80263
25 Mar 2026
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12943 -- as of 03/25/2026, no PUBLIC proof-of-concept (PoC) exploit exists. I decided to challenge myself and change that. Okay so I pulled the old firmware and the patched firmware off Netgear's site, extracted both, loaded them into Ghidra, and started diffing ONE l
@JakeSwiz80263
25 Mar 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE447F48-3725-4BF7-A83F-A3C36549F60D",
"versionEndExcluding": "1.0.14.108",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:raxe300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B7657D-2C55-4C4C-AC18-DF2B0961C06C",
"versionEndExcluding": "1.0.9.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:raxe300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3BE955-696E-41D6-B281-1473EC803803",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]