Command Injection Vulnerability in Netgear Wireless Access Point
CVE-2025-4135

6.3MEDIUM

Key Information:

Vendor: Netgear
Status: WG302v2
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-4135?

A command injection vulnerability has been identified in the Netgear WG302v2 wireless access point. This issue resides within the 'ui_get_input_value' function, where improper handling of the input argument 'host' allows for remote command injection. Attackers could exploit this vulnerability, giving them the ability to execute arbitrary commands on the affected device. This issue affects all versions of the WG302v2 up to 5.2.9. Despite early notifications, the vendor has not provided a response regarding any potential remediation.

References

https://github.com/jylsec/vuldb/blob/main/Netgear/netgear...

https://vuldb.com/?ctiid.306626

https://vuldb.com/?id.306626

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025