CVE-2025-4010

Published Jun 2, 2025

Last updated a month ago

Overview

Description
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.
Source: research@onekey.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

research@onekey.com
CWE-77

Social media

Hype score: Not currently trending
  1. #VulnerabilityReport #CVE20254010 CVE-2025-4010: ONEKEY Uncovers Critical Remote Code Execution Flaw in Netcomm/Lantronix 4G Gateways https://t.co/AB3VsWDAoP

    @Komodosec

    8 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-4010: HIGH] Netcom NTC 6200 & NWL 222 series have vulnerabilities allowing remote attackers to execute arbitrary commands with high privileges due to insecure web interface and hardcoded passwords.#cve,CVE-2025-4010,#cybersecurity https://t.co/GgO9Tw44Dr https://t.c

    @CveFindCom

    2 Jun 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A high-severity vulnerability (CVE-2025-4010) in Netcomm Wireless devices allows remote code execution, impacting industrial and telecom networks. #NetcommVulnerability #CVE20254010 #CybersecurityAlert https://t.co/9ZsfTLquoP

    @the_yellow_fall

    2 Jun 2025

    108 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. We continue publishing advisories on issues identified by our platform using bash static analysis. Today we look at CVE-2025-4010 affecting Netcomm (aka Lantronix) NTC-6200 and NWL series. We're still waiting for a proper patch. Link below 👇 https://t.co/LuSTDopfm3

    @qkaiser

    2 Jun 2025

    460 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2025-4010 The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitr… https://t.co/18sOb5pnCd

    @CVEnew

    2 Jun 2025

    369 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes