Unrated severityNVD Advisory· Published Apr 30, 2025· Updated Apr 30, 2025

Netgear WG302v2 ui_get_input_value command injection

CVE-2025-4135

Description

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Netgear/WG302v2llm-create2 versions
<=5.2.9+ 1 more
- (no CPE)range: <=5.2.9
- (no CPE)range: 5.2.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/jylsec/vuldb/blob/main/Netgear/netgear_WG302v2/Command_injection-basic_settings_handler-static-ip-update/README.mdmitrepatch
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.netgear.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000