CVE-2025-4121

MEDIUM Year: 2025
CVSS v3 Score
9.8
Critical
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2005-3056

CRITICAL
CVSS:9.8(Critical)

TWiki allows arbitrary shell command execution via the Include function

CWE-742005

CVE-2011-2717

CRITICAL
CVSS:9.8(Critical)

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message...

CWE-742011

CVE-2012-1495

CRITICAL
CVSS:9.8(Critical)

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

CWE-742012

CVE-2013-1437

CRITICAL
CVSS:9.8(Critical)

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CWE-742013

CVE-2013-2010

CRITICAL
CVSS:9.8(Critical)

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

CWE-742013

CVE-2013-2095

CRITICAL
CVSS:9.8(Critical)

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

CWE-742013