Primary

Context

Netgear EX6100 Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the Netgear EX6100 wireless range extender, specifically in version 1.0.2.28_1.1.138. This vulnerability arises from improper input handling in the function sub_415EF8, where the strcat function is used without sufficient bounds checking. The issue can be exploited remotely, during the parsing of a user's GET request that includes the 'GET kernel_log' header.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or causing the device to crash.

Reproduction

To reproduce this vulnerability, send a GET request to the Netgear EX6100 that includes the 'GET kernel_log' header. The device's firmware version must be 1.0.2.28_1.1.138.

Added: Jun 23, 2025, 4:24 PM

Updated: Jun 23, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netgear EX6100 Stack-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Netgear EX6100

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating