CVE-2025-12941: CWE-306 Missing Authentication for Critical Function in NETGEAR C6220
CVE-2025-12941 is a medium-severity denial of service vulnerability affecting NETGEAR C6220 and C6230 cable modem + WiFi routers. The flaw stems from missing authentication for a critical function, allowing any authenticated local WiFi user to reboot the router without proper authorization. Exploitation requires local network access and low privileges but no user interaction. This can disrupt network availability by forcing unexpected device reboots. No public exploits are known yet, and no patches have been released. European organizations using these NETGEAR models should be aware of potential service interruptions. Mitigations include restricting WiFi access, segmenting networks, and monitoring for unusual reboot activity. Countries with higher NETGEAR market share and critical infrastructure relying on these devices are at greater risk.
AI Analysis
Technical Summary
CVE-2025-12941 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) that affects NETGEAR C6220 and C6230 DOCSIS 3.0 two-in-one cable modem and WiFi routers. The vulnerability allows any authenticated local WiFi user to trigger a denial of service by rebooting the router remotely without requiring additional privileges or user interaction. The root cause is the absence of proper authentication controls on the reboot function, which is critical for device availability. The CVSS 4.0 vector indicates the attack requires local access (AV:A), low attack complexity (AC:L), privileges (PR:L), no user interaction (UI:N), and results in high impact on availability (VA:H). Confidentiality and integrity impacts are none. The vulnerability was published in December 2025, with no known exploits in the wild or patches available at this time. The affected versions are unspecified beyond the product models. This vulnerability could be exploited by any WiFi user connected to the network, including guests or unauthorized users if WiFi access controls are weak. The consequence is a denial of service through forced router reboot, causing network downtime and potential disruption of business operations or home connectivity.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to network availability. A successful exploit can cause unexpected router reboots, leading to temporary loss of internet connectivity and disruption of critical services relying on stable network access. This can affect small and medium enterprises using these consumer-grade NETGEAR devices as primary internet gateways, as well as home offices increasingly integrated into corporate networks. In sectors such as healthcare, finance, or public administration, even short network outages can have significant operational and reputational impacts. Additionally, attackers with local WiFi access could leverage this vulnerability as part of a broader attack chain to cause denial of service or create distractions during other malicious activities. The lack of authentication for reboot functions also indicates potential weaknesses in device security posture, raising concerns about other possible vulnerabilities.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Restrict WiFi access strictly to trusted users by enforcing strong WPA3 encryption and robust password policies to prevent unauthorized local access. 2) Segment the network to isolate critical devices and infrastructure from guest or less trusted WiFi networks, reducing the attack surface. 3) Monitor router logs and network behavior for unusual reboot patterns or connectivity interruptions that may indicate exploitation attempts. 4) Disable remote management features on the affected devices if not required, to limit exposure. 5) Engage with NETGEAR support channels to obtain firmware updates or patches as soon as they become available. 6) Consider replacing vulnerable devices with models that have stronger authentication controls for critical functions. 7) Educate users about the risks of connecting unknown devices to the WiFi network and enforce network access control policies. These targeted actions go beyond generic advice by focusing on access control, monitoring, and device lifecycle management specific to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
CVE-2025-12941: CWE-306 Missing Authentication for Critical Function in NETGEAR C6220
Description
CVE-2025-12941 is a medium-severity denial of service vulnerability affecting NETGEAR C6220 and C6230 cable modem + WiFi routers. The flaw stems from missing authentication for a critical function, allowing any authenticated local WiFi user to reboot the router without proper authorization. Exploitation requires local network access and low privileges but no user interaction. This can disrupt network availability by forcing unexpected device reboots. No public exploits are known yet, and no patches have been released. European organizations using these NETGEAR models should be aware of potential service interruptions. Mitigations include restricting WiFi access, segmenting networks, and monitoring for unusual reboot activity. Countries with higher NETGEAR market share and critical infrastructure relying on these devices are at greater risk.
AI-Powered Analysis
Technical Analysis
CVE-2025-12941 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) that affects NETGEAR C6220 and C6230 DOCSIS 3.0 two-in-one cable modem and WiFi routers. The vulnerability allows any authenticated local WiFi user to trigger a denial of service by rebooting the router remotely without requiring additional privileges or user interaction. The root cause is the absence of proper authentication controls on the reboot function, which is critical for device availability. The CVSS 4.0 vector indicates the attack requires local access (AV:A), low attack complexity (AC:L), privileges (PR:L), no user interaction (UI:N), and results in high impact on availability (VA:H). Confidentiality and integrity impacts are none. The vulnerability was published in December 2025, with no known exploits in the wild or patches available at this time. The affected versions are unspecified beyond the product models. This vulnerability could be exploited by any WiFi user connected to the network, including guests or unauthorized users if WiFi access controls are weak. The consequence is a denial of service through forced router reboot, causing network downtime and potential disruption of business operations or home connectivity.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to network availability. A successful exploit can cause unexpected router reboots, leading to temporary loss of internet connectivity and disruption of critical services relying on stable network access. This can affect small and medium enterprises using these consumer-grade NETGEAR devices as primary internet gateways, as well as home offices increasingly integrated into corporate networks. In sectors such as healthcare, finance, or public administration, even short network outages can have significant operational and reputational impacts. Additionally, attackers with local WiFi access could leverage this vulnerability as part of a broader attack chain to cause denial of service or create distractions during other malicious activities. The lack of authentication for reboot functions also indicates potential weaknesses in device security posture, raising concerns about other possible vulnerabilities.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Restrict WiFi access strictly to trusted users by enforcing strong WPA3 encryption and robust password policies to prevent unauthorized local access. 2) Segment the network to isolate critical devices and infrastructure from guest or less trusted WiFi networks, reducing the attack surface. 3) Monitor router logs and network behavior for unusual reboot patterns or connectivity interruptions that may indicate exploitation attempts. 4) Disable remote management features on the affected devices if not required, to limit exposure. 5) Engage with NETGEAR support channels to obtain firmware updates or patches as soon as they become available. 6) Consider replacing vulnerable devices with models that have stronger authentication controls for critical functions. 7) Educate users about the risks of connecting unknown devices to the WiFi network and enforce network access control policies. These targeted actions go beyond generic advice by focusing on access control, monitoring, and device lifecycle management specific to this vulnerability.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- NETGEAR
- Date Reserved
- 2025-11-10T07:35:22.119Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 693859487515e08d31691a20
Added to database: 12/9/2025, 5:15:52 PM
Last enriched: 12/16/2025, 9:11:48 PM
Last updated: 2/7/2026, 9:52:01 PM
Views: 122
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-15564: Divide By Zero in Mapnik
MediumCVE-2026-2113: Deserialization in yuan1994 tpadmin
MediumCVE-2026-2111: Path Traversal in JeecgBoot
MediumCVE-2026-2110: Improper Restriction of Excessive Authentication Attempts in Tasin1025 SwiftBuy
MediumCVE-2026-2109: Improper Authorization in jsbroks COCO Annotator
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.