← back
CVE-2025-4010

Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

CVSS 8.6 HIGHEPSS 0.6%CWE-77
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Netcomm · NTC 6200Netcomm · NWL-222

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.onekey.com/resource/security-advisory-remote-command-execution-on-netcomm-ntc-6200-and-nwl-222