漏洞关键信息 摘要 漏洞编号: JVNV#49899607 漏洞名称: NCP-HG100 Vulnerable to OS Command Injection 发布日期: 2025/11/14 更新日期: 2025/11/14 影响产品 NCP-HG100/Cellular model: Firmware versions 1.4.48.16 and earlier NCP-HG100/WLAN model: Firmware versions 1.4.48.16 and earlier 漏洞描述 类型: OS Command Injection (CWE-78) CVSS: - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE编号: CVE-2025-64444 影响 A remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges. 解决方案 更新固件: Update the firmware to the latest version 1.4.48.17 (Cellular model) or 1.4.48.17 (WLAN model) according to the developer's instructions. 参考 Firmware Update Announcement (Japanese) 其他信息 CVE编号: CVE-2025-64444 JVNDB编号: JVNDB-2025-000105