CVE-2025-4122

CWE-74 CWE-77 — Command Injection CWE-3454 documents4 sources

Severity

5.3MEDIUM

EPSS

1.8%

top 17.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Jwnr2000v2 Netgear Jwnr2000v2 Firmware

Timeline

PublishedApr 30

Description

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5netgear/jwnr2000v21.0.0.11

▶NVDnetgear/jwnr2000v2_firmware1.0.0.11

🔴Vulnerability Details

CVEList

Netgear JWNR2000v2 sub_435E04 command injection↗2025-04-30

▶

GHSA

GHSA-95pf-9whm-h8rm: A vulnerability was found in Netgear JWNR2000v2 1↗2025-04-30

▶

📋Vendor Advisories

Microsoft

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium such as a flash dis↗2022-08-09

▶