Buffer Overflow Vulnerability in Netgear EX6120
CVE-2025-4139

8.8HIGH

Key Information:

Vendor: Netgear
Status: EX6120
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-4139?

A buffer overflow vulnerability exists in the Netgear EX6120 model 1.0.0.68, specifically in the fwAcosCgiInbound function. This vulnerability allows remote attackers to exploit the manipulation of the 'host' argument, potentially leading to unintended behavior or unauthorized access. Despite early disclosure efforts to inform the vendor, there has been no response, highlighting a significant security concern for users of this device. Protecting your network is crucial, and administrators are encouraged to take preventative measures.

References

https://github.com/jylsec/vuldb/blob/main/Netgear/netgear...

https://vuldb.com/?ctiid.306631

https://vuldb.com/?id.306631

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025