Command Injection Vulnerability in Netgear Wireless Access Point
CVE-2025-4135

6.3MEDIUM

Key Information:

Vendor: Netgear
Status: WG302v2
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-4135?

A command injection vulnerability has been identified in the Netgear WG302v2 wireless access point. This issue resides within the 'ui_get_input_value' function, where improper handling of the input argument 'host' allows for remote command injection. Attackers could exploit this vulnerability, giving them the ability to execute arbitrary commands on the affected device. This issue affects all versions of the WG302v2 up to 5.2.9. Despite early notifications, the vendor has not provided a response regarding any potential remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/jylsec/vuldb/blob/main/Netgear/netgear...

https://vuldb.com/?ctiid.306626

https://vuldb.com/?id.306626

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2025

JSON

Netgear

What is CVE-2025-4135?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.