17 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-12754

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00548 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-42681

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.01784 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2025/08/07 12:0 a.m. · 1 views

The vulnerability of the ui_get_input_value() function in Netgear WG302v2 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the ui_get_input_value function in Netgear WG302v2 router microprogramming software is related to the lack of measures taken to clean data at the control level when processing the host parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

6.5 CVSS · 6.9 AI score · 0.00548 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/23 4:9 a.m. · 5 views

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters...

8.8 CVSS · 8.1 AI score · 0.01784 EPSS
Exploits 0
CNVD
added 2025/05/14 12:0 a.m. · 2 views

NETGEAR WG302v2 Command Injection Vulnerability

The NETGEAR WG302v2 is a wireless access point from NETGEAR. The NETGEAR WG302v2 suffers from a command injection vulnerability that stems from the ui_get_input_value function parameter host failing to properly filter constructor command special characters, commands, and so on. No details of the...

6.5 CVSS · 7.6 AI score · 0.00548 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 6:15 p.m. · 11 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

6.5 CVSS · 7.4 AI score · 0.00548 EPSS
Exploits 0 · References 1
NVD
added 2025/04/30 6:15 p.m. · 13 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

6.5 CVSS · 0.00548 EPSS
Exploits 0 · References 5
CVE
added 2025/04/30 5:31 p.m. · 68 views

CVE-2025-4135

Netgear WG302v2 (up to version 5.2.9) is affected by a command-injection vulnerability in the ui_get_input_value function, caused by improper handling of the host parameter. This can be exploited remotely and does not require user interaction. Several sources (NVD, Red Hat, CNVD, CVE list mirrors...

6.5 CVSS · 6.8 AI score · 0.00548 EPSS
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2025/04/30 5:31 p.m. · 7 views

CVE-2025-4135 Netgear WG302v2 ui_get_input_value command injection

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

6.5 CVSS · 6.8 AI score · 0.00548 EPSS
Exploits 0 · References 5
Cvelist
added 2025/04/30 5:31 p.m. · 15 views

CVE-2025-4135 Netgear WG302v2 ui_get_input_value command injection

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

6.5 CVSS · 0.00548 EPSS
Exploits 0 · References 5
CNNVD
added 2025/04/30 12:0 a.m. · 2 views

NETGEAR WG302v2 Injection Vulnerability

The NETGEAR WG302v2 is a wireless access point from NETGEAR. The NETGEAR WG302v2 suffers from a command injection vulnerability that stems from the ui_get_input_value function parameter host failing to properly filter constructor command special characters, commands, and so on. No details of the...

6.5 CVSS · 7.5 AI score · 0.00548 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-18305 · NetGear · Netgear Wag302V2

Name of the Vulnerable Software and Affected Versions: Netgear WG302v2 versions up to 5.2.9 Description: A critical issue was found, affecting the function ui_get_input_value. The manipulation of the host argument leads to command injection. This issue can be exploited remotely. The vendor was...

6.5 CVSS · 6.6 AI score · 0.00548 EPSS
Exploits 0 · References 11
NVD
added 2023/08/07 7:15 p.m. · 9 views

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters...

8.8 CVSS · 9.3 AI score · 0.01784 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/08/07 7:15 p.m. · 0 views

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters...

8.8 CVSS · 7.4 AI score · 0.01784 EPSS
Exploits 0 · References 3
Prion
added 2023/08/07 7:15 p.m. · 15 views

Command injection

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters...

6.5 CVSS · 9.2 AI score · 0.01784 EPSS
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2023/08/07 12:0 a.m. · 9 views

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters...

8.1 AI score · 0.01784 EPSS
Exploits 0 · References 2
CVE
added 2023/08/07 12:0 a.m. · 31 views

CVE-2023-38921

Netgear WG302v2 (v5.2.9) and WAG302v2 (v5.1.19) are affected by command injection vulnerabilities in the upgrade_handler function, exploitable via the firmwareRestore and firmwareServerip parameters. Root cause is improper handling of those inputs leading to potential arbitrary command execution....

8.8 CVSS · 9.1 AI score · 0.01784 EPSS
Exploits 0 · References 2 · Affected Software 1