Details of VAR-202504-3267

ID

VAR-202504-3267

CVE

CVE-2025-4120

TITLE

of netgear jwnr2000v2 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005029

DESCRIPTION

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear jwnr2000v2 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the parameter host of the sub_4238E8 function to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4120 // JVNDB: JVNDB-2025-005029 // CNVD: CNVD-2025-10402

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10402

AFFECTED PRODUCTS

vendor:	netgear	model:	jwnr2000v2	scope:	eq	version:	1.0.0.11	Trust: 1.6
vendor:	ネットギア	model:	jwnr2000v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jwnr2000v2	scope:	eq	version:	jwnr2000v2 firmware 1.0.0.11	Trust: 0.8
vendor:	ネットギア	model:	jwnr2000v2	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-10402 // JVNDB: JVNDB-2025-005029 // NVD: CVE-2025-4120

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4120
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-4120
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-005029
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-10402
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-4120
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-005029
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-10402
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4120
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-4120
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-005029
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10402 // JVNDB: JVNDB-2025-005029 // NVD: CVE-2025-4120 // NVD: CVE-2025-4120

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005029 // NVD: CVE-2025-4120

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4120	Trust: 3.2
db:	VULDB	id:	306600	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-005029	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10402	Trust: 0.6

sources: CNVD: CNVD-2025-10402 // JVNDB: JVNDB-2025-005029 // NVD: CVE-2025-4120

REFERENCES

url:	https://vuldb.com/?id.306600	Trust: 1.8
url:	https://vuldb.com/?submit.560774	Trust: 1.8
url:	https://www.netgear.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4120	Trust: 1.4
url:	https://github.com/jylsec/vuldb/blob/main/netgear/netgear_jwnr2000v2/buffer_overflow-sub_4238e8-log_type/readme.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.306600	Trust: 1.0

sources: CNVD: CNVD-2025-10402 // JVNDB: JVNDB-2025-005029 // NVD: CVE-2025-4120

SOURCES

db:	CNVD	id:	CNVD-2025-10402
db:	JVNDB	id:	JVNDB-2025-005029
db:	NVD	id:	CVE-2025-4120

LAST UPDATE DATE

2025-05-23T23:28:10.861000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10402	date:	2025-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2025-005029	date:	2025-05-15T06:50:00
db:	NVD	id:	CVE-2025-4120	date:	2025-05-13T20:28:48.900

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10402	date:	2025-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2025-005029	date:	2025-05-15T00:00:00
db:	NVD	id:	CVE-2025-4120	date:	2025-04-30T14:15:31.200