Netgear EX6120
cpe:2.3:h:netgear:ex6120:*:*:*:*:*:*:*
- 1.0.0.68
A critical buffer overflow vulnerability has been identified in the Netgear EX6120 wireless range extender, specifically in version 1.0.0.68. The issue arises in the fwAcosCgiInbound function, where manipulating the 'host' argument leads to a buffer overflow. The vulnerability can be exploited remotely: the input length is not properly validated before the value is copied, which can allow arbitrary code execution or cause a denial-of-service condition.
Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or a denial-of-service condition.
The vulnerability can be reproduced by sending a crafted request to the device's web interface that includes a 'host' parameter. The lack of input validation allows for a buffer overflow to occur, potentially overwriting memory and leading to arbitrary code execution.
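The missing check described above, shown as an added defensive example; this is not Netgear's code. The function name `copy_host_checked`, the 64-byte buffer size and the character allowlist are assumptions, since the page does not describe the firmware's internals.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 64 /* assumed size; the advisory does not give the real one */

enum host_status { HOST_OK = 0, HOST_EMPTY = -1, HOST_TOO_LONG = -2, HOST_BAD_CHAR = -3 };

/* Unsafe pattern the advisory describes (illustrative, not the firmware's code):
 *     char buf[HOST_BUF_LEN];
 *     strcpy(buf, host);        // length of 'host' never checked
 */

/* Copy 'host' into dst only if it fits, including the terminating NUL, and
 * contains only characters from an assumed allowlist (hostname, IP literal,
 * optional port). On any failure dst is left as an empty string. */
int copy_host_checked(char *dst, size_t dst_size, const char *host)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0)
        return HOST_TOO_LONG;
    dst[0] = '\0';
    if (host == NULL || host[0] == '\0')
        return HOST_EMPTY;

    /* Bounded scan: never reads more than dst_size bytes of the input. */
    while (len < dst_size && host[len] != '\0') {
        unsigned char c = (unsigned char)host[len];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return HOST_BAD_CHAR;
        len++;
    }
    if (len == dst_size)
        return HOST_TOO_LONG; /* no room for the terminator: reject, do not truncate */

    memcpy(dst, host, len + 1);
    return HOST_OK;
}

int main(void)
{
    char buf[HOST_BUF_LEN];
    char oversized[512]; /* constructed input, longer than the buffer */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal:    %d\n", copy_host_checked(buf, sizeof buf, "192.168.1.250"));
    printf("oversized: %d\n", copy_host_checked(buf, sizeof buf, oversized));
    return 0;
}
```

Rejecting an over-long value outright, rather than silently truncating it, keeps later code from acting on a host string the client never sent.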