Netgear EX6120 fwAcosCgiInbound buffer overflow
Description
A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Critical buffer overflow in Netgear EX6120 firmware 1.0.0.68 via fwAcosCgiInbound allows remote unauthenticated exploitation.
Vulnerability
A critical buffer overflow vulnerability exists in Netgear EX6120 firmware version 1.0.0.68 within the fwAcosCgiInbound function. The manipulation of the host argument leads to a buffer overflow, allowing an attacker to overwrite adjacent memory. The vulnerability is remotely exploitable without authentication. The vendor was contacted but did not respond [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the affected device, providing an overly long host parameter to the fwAcosCgiInbound function. No authentication or prior access is required; the attack can be launched over the network from any location.
Impact
Successful exploitation of the buffer overflow can lead to arbitrary code execution at the privilege level of the affected service, likely resulting in full compromise of the device. Alternatively, it may cause a denial of service by crashing the service. The exact impact depends on the attacker's payload and the memory layout.
Mitigation
As of the publication date (2025-04-30), no official patch or firmware update has been released by Netgear. The vendor did not respond to the disclosure [1]. Users should consider isolating the device from untrusted networks or replacing it with a supported model. No workaround is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (5)
- vuldb.com (mitre: third-party-advisory)
- github.com/jylsec/vuldb/blob/main/Netgear/netgear_ex6120/Buffer_overflow-fwAcosCgiInbound-port_end/README.md (mitre: related)
- vuldb.com (mitre: signature, permissions-required)
- vuldb.com (mitre: vdb-entry, technical-description)
- www.netgear.com (mitre: product)