Command Injection Vulnerability in Netgear JWNR2000v2 Router
CVE-2025-4122

5.3MEDIUM

Key Information:

Vendor

Netgear
Status
Jwnr2000v2
Vendor
CVE Published:
30 April 2025
đź”” Create Netgear Vulnerability Alert

What is CVE-2025-4122?

A security flaw exists in the Netgear JWNR2000v2 router, specifically within the function sub_435E04. This vulnerability allows an attacker to execute arbitrary commands on the device by manipulating the host argument. The exploitation can occur remotely, posing a significant risk to users if not addressed promptly. Users are encouraged to remain vigilant and apply necessary protections to their networking devices.

Affected Version(s)

JWNR2000v2 1.0.0.11

References

https://vuldb.com/?id.306602
vdb-entrytechnical-description
https://vuldb.com/?ctiid.306602
signaturepermissions-required
https://vuldb.com/?submit.560776
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

54357 (VulDB User)
.