Details of VAR-202504-3377

ID

VAR-202504-3377

CVE

CVE-2025-4135

TITLE

of netgear wg302v2 Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007396

DESCRIPTION

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. of netgear wg302v2 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR WG302v2 is a wireless access point from NETGEAR. NETGEAR WG302v2 has a command injection vulnerability, which is caused by the failure of the ui_get_input_value function parameter host to properly filter special characters and commands in constructing commands. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2025-4135 // JVNDB: JVNDB-2025-007396 // CNVD: CNVD-2025-10404

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10404

AFFECTED PRODUCTS

vendor:	netgear	model:	wg302v2	scope:	lte	version:	5.2.9	Trust: 1.0
vendor:	ネットギア	model:	wg302v2	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wg302v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wg302v2	scope:	lte	version:	wg302v2 firmware 5.2.9 and earlier	Trust: 0.8
vendor:	netgear	model:	wg302v2	scope:	lte	version:	<=5.2.9	Trust: 0.6

sources: CNVD: CNVD-2025-10404 // JVNDB: JVNDB-2025-007396 // NVD: CVE-2025-4135

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4135
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-007396
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-10404
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-4135
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007396
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-10404
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4135
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007396
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10404 // JVNDB: JVNDB-2025-007396 // NVD: CVE-2025-4135

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007396 // NVD: CVE-2025-4135

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4135	Trust: 3.2
db:	VULDB	id:	306626	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007396	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10404	Trust: 0.6

sources: CNVD: CNVD-2025-10404 // JVNDB: JVNDB-2025-007396 // NVD: CVE-2025-4135

REFERENCES

url:	https://vuldb.com/?id.306626	Trust: 1.8
url:	https://vuldb.com/?submit.560779	Trust: 1.8
url:	https://www.netgear.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4135	Trust: 1.4
url:	https://github.com/jylsec/vuldb/blob/main/netgear/netgear_wg302v2/command_injection-basic_settings_handler-static-ip-update/readme.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.306626	Trust: 1.0

sources: CNVD: CNVD-2025-10404 // JVNDB: JVNDB-2025-007396 // NVD: CVE-2025-4135

SOURCES

db:	CNVD	id:	CNVD-2025-10404
db:	JVNDB	id:	JVNDB-2025-007396
db:	NVD	id:	CVE-2025-4135

LAST UPDATE DATE

2025-06-29T23:20:18.066000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10404	date:	2025-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2025-007396	date:	2025-06-24T02:32:00
db:	NVD	id:	CVE-2025-4135	date:	2025-06-23T15:13:00.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10404	date:	2025-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2025-007396	date:	2025-06-24T00:00:00
db:	NVD	id:	CVE-2025-4135	date:	2025-04-30T18:15:48.400