CVE-2025-64444

Summary

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.

Affected Software

VendorProductVersion RangeStatus
Sony Network Communications Inc.NCP-HG100/Cellular model1.4.48.16 and earlieraffected
Sony Network Communications Inc.NCP-HG100/WLAN model1.4.48.16 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References