CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4121: Netgear JWNR2000v2 cmd_wireless command injection

5.3 CVSS

Description

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. In Netgear JWNR2000v2 1.0.0.11 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion cmd_wireless. Durch das Beeinflussen des Arguments host mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.

Classification

CVE ID: CVE-2025-4121

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem Types

Command Injection Injection

Affected Products

Vendor: Netgear

Product: JWNR2000v2

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.33% (probability of being exploited)

EPSS Percentile: 54.92% (scored less or equal to compared to others)

EPSS Date: 2025-05-29 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4121
https://vuldb.com/?id.306601
https://vuldb.com/?ctiid.306601
https://vuldb.com/?submit.560775
https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-cmd_wireless-port_phy_set/README.md
https://www.netgear.com/

Timeline

2025-04-30 14:40:19 UTC
CVE

Netgear JWNR2000v2 cmd_wireless command injection