CVE-2025-4121

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Apr 30, 2025
Updated: May 14, 2025
CVE: CVE-2025-4121
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / jwnr2000v2_firmware	1.0.0.11	1.0.0.11.x

https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-cmd_wireless-port_phy_set/README.md
https://vuldb.com/?ctiid.306601
https://vuldb.com/?id.306601
https://vuldb.com/?submit.560775
https://www.netgear.com/

Vulnerability Database

290,206

CVE-2025-4121