CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4122 – Netgear JWNR2000v2 sub_435E04 command injection
https://notcve.org/view.php?id=CVE-2025-4122
30 Apr 2025 — A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. • https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-sub_435E04-auth_mac/README.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4121 – Netgear JWNR2000v2 cmd_wireless command injection
https://notcve.org/view.php?id=CVE-2025-4121
30 Apr 2025 — A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. • https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Command_injection-cmd_wireless-port_phy_set/README.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4120 – Netgear JWNR2000v2 sub_4238E8 buffer overflow
https://notcve.org/view.php?id=CVE-2025-4120
30 Apr 2025 — A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. • https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Buffer_overflow-sub_4238E8-log_type/README.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4117 – Netgear JWNR2000v2 sub_41A914 buffer overflow
https://notcve.org/view.php?id=CVE-2025-4117
30 Apr 2025 — A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Netgear JWNR2000v2 1.0.0.11 gefunden. • https://vuldb.com/?id.306597 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4116 – Netgear JWNR2000v2 get_cur_lang_ver buffer overflow
https://notcve.org/view.php?id=CVE-2025-4116
30 Apr 2025 — A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?id.306596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4115 – Netgear JWNR2000v2 default_version_is_new buffer overflow
https://notcve.org/view.php?id=CVE-2025-4115
30 Apr 2025 — A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?id.306595 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4114 – Netgear JWNR2000v2 check_language_file buffer overflow
https://notcve.org/view.php?id=CVE-2025-4114
30 Apr 2025 — A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_JWNR2000v2/Buffer_overflow-check_language_file-GUI_Region/README.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39550
https://notcve.org/view.php?id=CVE-2023-39550
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38922
https://notcve.org/view.php?id=CVE-2023-38922
07 Aug 2023 — Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/http_passwd_auth/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •