Netgear Ex6200 Firmware vulnerabilities

CVE-2025-4146 [HIGH] CWE-119 CVE-2025-4146: A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4145 [HIGH] CWE-119 CVE-2025-4145: A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This i A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4149 [HIGH] CWE-119 CVE-2025-4149: A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affec A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4147 [HIGH] CWE-119 CVE-2025-4147: A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by th A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4150 [HIGH] CWE-119 CVE-2025-4150: A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnera A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4148 [HIGH] CWE-119 CVE-2025-4148: A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this is A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4141 [HIGH] CWE-119 CVE-2025-4141: A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affect A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4142 [HIGH] CWE-119 CVE-2025-4142: A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerabi A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2021-34947 [HIGH] CWE-787 CVE-2021-34947: NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability al NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The is

CVE-2023-38926 [HIGH] CWE-120 CVE-2023-38926: Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

CVE-2023-38925 [HIGH] CWE-120 CVE-2023-38925: Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer ove Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

CVE-2022-27641 [HIGH] CWE-190 CVE-2022-27641: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can res

CVE-2021-38525 [MEDIUM] CWE-787 CVE-2021-38525: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R60

CVE-2021-38514 [LOW] CVE-2021-38514: Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, D

CVE-2020-27861 [HIGH] CWE-78 CVE-2020-27861: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from

CVE-2020-35796 [HIGH] CWE-120 CVE-2020-35796: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 befo

CVE-2020-35787 [HIGH] CWE-120 CVE-2020-35787: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D36 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.

CVE-2018-21181 [HIGH] CWE-787 CVE-2018-21181: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.28, EX2700 before 1.0.1.32, EX6200v2 before 1.0.1.56, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.52, WN3100RPv2 before 1.0.0.42, WNDR3700v4 befor

CVE-2018-21153 [CRITICAL] CWE-120 CVE-2018-21153: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7

CVE-2018-21156 [HIGH] CWE-120 CVE-2018-21156: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D62 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.38, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGN2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 be