← back
CVE-2025-4121

Netgear JWNR2000v2 cmd_wireless command injection

CVSS 5.3 MEDIUMEPSS 3.3%CWE-74CWE-77
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Netgear · JWNR2000v2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-cmd_wireless-port_phy_set/README.mdhttps://vuldb.com/?ctiid.306601https://vuldb.com/?id.306601https://vuldb.com/?submit.560775https://www.netgear.com/