Netgear EX6120, Buffer Overflow, CVE-2025-4139 (Critical)

How the CVE Works

The vulnerability in Netgear EX6120 firmware version 1.0.0.68 resides in the `fwAcosCgiInbound` function, which mishandles the `host` argument due to insufficient bounds checking. A remote attacker can exploit this flaw by sending a specially crafted HTTP request containing an overly long `host` value, triggering a buffer overflow. This could lead to arbitrary code execution or a denial-of-service condition. The lack of response from the vendor suggests no immediate patch is available, increasing exploitation risk.
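The bug class described above, as an added C example that is not Netgear's firmware code and not code from the original page: an unchecked copy of `host` into a fixed buffer, beside a hardened copy that rejects oversized or malformed values. The 64-byte buffer size, all function names and the sample values are assumptions, since the page gives none of them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define HOST_BUF_LEN 64 /* assumed size; the firmware's real buffer size is not on the page */

enum host_status { HOST_OK, HOST_EMPTY, HOST_TOO_LONG, HOST_BAD_CHAR };

/* Bug class described above (illustrative, never called here): the copy is
 * bounded by the sender-supplied string, not by the destination buffer. */
void store_host_unchecked(char *dst, const char *host) {
    strcpy(dst, host); /* writes past dst when strlen(host) >= HOST_BUF_LEN */
}

/* Hardened form: length is checked against the destination before any write,
 * oversized input is rejected (not truncated), and only host characters pass. */
enum host_status store_host_checked(char *dst, size_t dst_len,
                                    const char *host, size_t host_len) {
    if (dst_len == 0) return HOST_TOO_LONG;
    dst[0] = '\0';
    if (host_len == 0) return HOST_EMPTY;
    if (host_len >= dst_len) return HOST_TOO_LONG; /* keep one byte for NUL */
    for (size_t i = 0; i < host_len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || (c != '\0' && strchr(".-:[]", c))))
            return HOST_BAD_CHAR;
    }
    memcpy(dst, host, host_len);
    dst[host_len] = '\0';
    return HOST_OK;
}

/* Runs the checked copy on a constructed NUL-terminated value. */
enum host_status check_host(const char *host) {
    char buf[HOST_BUF_LEN];
    return store_host_checked(buf, sizeof buf, host, strlen(host));
}
/* Same, for a constructed run of n 'A' bytes. */
enum host_status check_run(size_t n) {
    static char big[2048];
    if (n >= sizeof big) return HOST_TOO_LONG;
    memset(big, 'A', n);
    big[n] = '\0';
    return check_host(big);
}

int main(void) {
    printf("%d %d %d\n", check_host("192.168.1.250"), check_run(63), check_run(1000));
    return 0;
}
```

Rejecting rather than truncating matters here: a silently truncated host value can still steer later logic, while a rejected request gives a clear event to log.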

DailyCVE Form

Platform: Netgear EX6120
Version: 1.0.0.68
Vulnerability: Buffer Overflow
Severity: Critical
Date: 06/23/2025

Prediction: Patch expected Q3 2025

What Undercode Says

```bash
# Check firmware version
curl -I http://<TARGET_IP>/fw_version
# Crash PoC (simplified)
curl -H "Host: $(python -c 'print("A"*1000)')" http://<TARGET_IP>/cgi-bin/fwAcosCgiInbound
```

How the Exploit Works

1. Craft HTTP request with oversized `host` header.

2. Send to `/cgi-bin/fwAcosCgiInbound`.

3. Overflow corrupts memory, enabling RCE/DoS.

Protection from this CVE

  • Disable remote admin access.
  • Await firmware update.
  • Segment network.

Impact

  • Remote code execution.
  • Device compromise.
  • Network infiltration.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
