CVE-2025-4135 | Netgear WG302v2 up to 5.2.9 ui_get_input_value host command injection

Inserito da Angelo Barbosa | Apr 30, 2025 | CVE

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection.

This vulnerability is handled as CVE-2025-4135. The attack may be launched remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4135 | Netgear WG302v2 up to 5.2.9 ui_get_input_value host command injection

Post correlati

CVE-2024-7396 | Korenix JetPort 5601v3 up to 1.2 missing encryption

CVE-2024-40060 | go-chart 2.1.1 drawCanvas infinite loop

CVE-2024-53320 | Qualisys C++ SDK a32a21a GetCurrentFrame/SaveCapture/LoadProject stack-based overflow (Issue 47)

CVE-2021-47134 | Linux Kernel up to 5.10.42/5.12.9 fdt setup_arch denial of service (5148066edbdc/8a7e8b4e5631/668a84c1bfb2)