CVE-2025-4122

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Apr 30, 2025
Updated: May 13, 2025
CVE: CVE-2025-4122
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74
CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / jwnr2000v2_firmware	1.0.0.11	1.0.0.11.x

https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-sub_435E04-auth_mac/README.md
https://vuldb.com/?ctiid.306602
https://vuldb.com/?id.306602
https://vuldb.com/?submit.560776
https://www.netgear.com/

Vulnerability Database

290,206

CVE-2025-4122