PT-2025-18287 · NetGear · Netgear Wnr2000V2
54357
·
Published
2025-04-17
·
Updated
2025-05-03
·
CVE-2025-4122
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Netgear JWNR2000v2 version 1.0.0.11
Description
A critical issue was found in the function
sub 435E04, where the manipulation of the host argument leads to command injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.Recommendations
For Netgear JWNR2000v2 version 1.0.0.11, as a temporary workaround, consider restricting access to the
sub 435E04 function to minimize the risk of exploitation. Avoid using the host argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Netgear Wnr2000V2