Security researchers have disclosed three critical vulnerabilities in Netgear’s EX6200 wireless routers, enabling attackers to remotely compromise devices, execute malicious code, and potentially steal sensitive data.

The flaws, tracked as CVE-2025-4148, CVE-2025-4149, and CVE-2025-4150, affect firmware version 1.0.3.94 and stem from buffer overflow issues in specific functions handling the host argument.

Netgear EX6200 Vulnerabilities

All three vulnerabilities involve buffer overflow weaknesses in the router’s firmware, allowing attackers to overwrite memory and execute arbitrary code remotely.

• CVE-2025-4148: Affects the sub_503FC function, where improper validation of the host input enables attackers to trigger a buffer overflow. This could lead to a full device takeover.
• CVE-2025-4149: Impacts sub_54014, another function that mishandles the host parameter. Exploiting this flaw could let attackers bypass security controls and install malware.
• CVE-2025-4150: Targets sub_54340, with similar exploitation methods. Successful attacks could grant unauthorized access to network traffic and stored credentials.

The vulnerabilities share a CVSS v3.1 score of 8.8 (High severity), highlighting their potential for widespread damage. Notably, Netgear was alerted to these issues but has not yet released patches or public statements.

Exploiting these flaws requires no physical access or user interaction, making them particularly dangerous. Attackers could:

• Hijack router configurations to redirect traffic to malicious sites.
• Intercept sensitive data such as login credentials, financial information, or IoT device communications.
• Deploy ransomware or botnet malware to leverage compromised routers for larger-scale attacks.

The lack of authentication requirements means even minimally skilled threat actors could weaponize these vulnerabilities.

Until official patches are available, users should:

1. Monitor Netgear’s firmware updates page for fixes and apply them immediately.
2. Disable remote management features to reduce attack surfaces.
3. Segment networks to isolate critical devices from vulnerable routers.

Security analysts urge organizations using EX6200 routers in enterprise settings to consider temporary replacements if high-value data is at risk.

The Cybersecurity and Infrastructure Security Agency (CISA) is expected to add these CVEs to its Known Exploited Vulnerabilities Catalog, mandating federal agencies to remediate them promptly. Independent researchers have published proof-of-concept exploit details on GitHub, underscoring the urgency for mitigation.

These vulnerabilities underscore the critical need for robust firmware validation in IoT devices. Netgear EX6200 users must remain vigilant, as threat actors are likely to target unpatched routers.

Regular firmware updates and proactive network monitoring are essential to mitigating risks in an increasingly connected landscape.

Are you from the SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.