54357

**Name of the Vulnerable Software and Affected Versions** Netgear JWNR2000v2 version 1.0.0.11 **Description** A critical issue was found in the function `sub 435E04`, where the manipulation of the `host` argument leads to command injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netgear JWNR2000v2 version 1.0.0.11, as a temporary workaround, consider restricting access to the `sub 435E04` function to minimize the risk of exploitation. Avoid using the `host` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear WG302v2 versions up to 5.2.9 **Description** A critical issue was found, affecting the function `ui get input value`. The manipulation of the `host` argument leads to command injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netgear WG302v2 versions up to 5.2.9, as a temporary workaround, consider restricting access to the `ui get input value` function until a patch is available. Avoid using the `host` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX6120 version 1.0.0.68 **Description** A critical vulnerability was found in the `fwAcosCgiInbound` function. The manipulation of the `host` argument leads to a buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netgear EX6120 version 1.0.0.68, as a temporary workaround, consider restricting access to the `fwAcosCgiInbound` function to minimize the risk of exploitation. Avoid using the `host` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX6120 version 1.0.3.94 **Description** A critical issue has been found, affecting the `sub 30394` function. The manipulation of the `host` argument leads to a buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netgear EX6120 version 1.0.3.94, as a temporary workaround, consider restricting access to the `sub 30394` function to minimize the risk of exploitation. Avoid using the `host` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX6200 version 1.0.3.94 **Description** A critical issue was found affecting the function sub 3C03C. The manipulation of the `host` argument leads to a buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted about this issue but did not respond. **Recommendations** For Netgear EX6200 version 1.0.3.94, as a temporary workaround, consider restricting access to the function sub 3C03C to minimize the risk of exploitation. Avoid using the `host` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX6200 version 1.0.3.94 **Description** A critical vulnerability has been found, affecting the function sub 3C8EC. The manipulation of the argument `host` leads to a buffer overflow. This issue can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netgear EX6200 version 1.0.3.94, as a temporary workaround, consider restricting access to the function sub 3C8EC until a patch is available. Avoid manipulating the `host` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.