PT-2025-18329 · NetGear · Netgear Ex6120
54357
·
Published
2025-04-17
·
Updated
2025-06-23
·
CVE-2025-4139
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Netgear EX6120 version 1.0.0.68
Description
A critical vulnerability was found in the
fwAcosCgiInbound function. The manipulation of the host argument leads to a buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.Recommendations
For Netgear EX6120 version 1.0.0.68, as a temporary workaround, consider restricting access to the
fwAcosCgiInbound function to minimize the risk of exploitation. Avoid using the host argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Netgear Ex6120