Command Injection Vulnerability in Netgear Wireless Router
CVE-2025-4121

5.3MEDIUM

Key Information:

Vendor

Netgear
Status
Jwnr2000v2
Vendor
CVE Published:
30 April 2025

What is CVE-2025-4121?

A command injection vulnerability has been discovered in the Netgear JWNR2000v2 router with firmware version 1.0.0.11, specifically within the cmd_wireless function. By manipulating the argument 'host', an attacker can execute arbitrary commands on the affected device remotely, potentially compromising the security and integrity of the network. Despite early notification to Netgear, there has been no response regarding a mitigation strategy, leaving users exposed to potential attacks.

Affected Version(s)

JWNR2000v2 1.0.0.11

References

https://vuldb.com/?id.306601
vdb-entrytechnical-description
https://vuldb.com/?ctiid.306601
signaturepermissions-required
https://vuldb.com/?submit.560775
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yummysoup2 (VulDB User)
.
The Cyber Security Vulnerability Database.