
Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender that could allow remote attackers to gain unauthorized access and steal sensitive data.

The flaws affect firmware version 1.0.3.94 and have been assigned the CVEs CVE-2025-4148, CVE-2025-4149, and CVE-2025-4150. Despite early notification, Netgear has yet to respond to these reports, leaving users exposed.

The Netgear EX6200 is a widely used device designed to boost Wi-Fi coverage for homes and small businesses.

With its popularity comes an increased security risk when vulnerabilities emerge, especially when they enable remote code execution or data theft.

The table below summarizes the key information about the three CVEs:

| CVE ID | Affected Product (Version) | CWE Type | CVSSv3 Score | Impact |
|---|---|---|---|---|
| CVE-2025-4148 | Netgear EX6200 (1.0.3.94) | CWE-120 (Buffer Overflow), CWE-119 (Memory Corruption) | 8.8 (High) | Remote code execution, data theft |
| CVE-2025-4149 | Netgear EX6200 (1.0.3.94) | CWE-120, CWE-119 | 8.8 (High) | Remote access, data theft |
| CVE-2025-4150 | Netgear EX6200 (1.0.3.94) | CWE-120, CWE-119 | 8.8 (High) | Remote access, data theft |

Technical Analysis

All three vulnerabilities stem from improper handling of arguments passed to specific internal functions (sub_503FC, sub_54014, and sub_54340).

When an attacker manipulates the host argument, it triggers a buffer overflow, potentially allowing arbitrary code execution, full device compromise, or theft of sensitive data transiting through or stored on the device.
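The bug class described above (CWE-120 on a host argument), shown as an added example that is not Netgear's firmware code: an unchecked copy beside a version that validates and length-checks the value before copying. The function names and the 64-byte buffer size are assumptions, since the page does not show the affected code.

```c
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 64 /* assumed size; the page does not give the real one */

/* CWE-120 pattern, kept for contrast and never called here:
 * the number of bytes written is decided by the caller-supplied string. */
void store_host_unsafe(char *dst, const char *host) {
    strcpy(dst, host); /* writes past dst when strlen(host) >= HOST_BUF_LEN */
}

static int is_alnum_ascii(unsigned char c) {
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Returns 1 only for a hostname or IPv4 literal that fits in max_len bytes
 * including the terminator: letters, digits, '-' and '.', labels of 1..63. */
int host_is_valid(const char *host, size_t max_len) {
    size_t i, label = 0;
    if (host == NULL || host[0] == '\0') return 0;
    for (i = 0; host[i] != '\0'; i++) {
        unsigned char c = (unsigned char)host[i];
        if (i + 1 >= max_len) return 0;        /* too long: reject, never truncate */
        if (c == '.') {
            if (label == 0 || host[i - 1] == '-') return 0;
            label = 0;
        } else if (is_alnum_ascii(c) || (c == '-' && label > 0)) {
            if (++label > 63) return 0;
        } else {
            return 0;                           /* any other byte is not a hostname */
        }
    }
    return label > 0 && host[i - 1] != '-';
}

/* Hardened form: copy only after the value has passed validation. */
int store_host_safe(char dst[HOST_BUF_LEN], const char *host) {
    if (!host_is_valid(host, HOST_BUF_LEN)) return -1;
    memcpy(dst, host, strlen(host) + 1);
    return 0;
}

int main(void) {
    char buf[HOST_BUF_LEN], big[300];
    memset(big, 'A', sizeof big - 1);           /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    printf("valid: %d\n", store_host_safe(buf, "192.168.1.250"));
    printf("oversized: %d\n", store_host_safe(buf, big));
    return 0;
}
```
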

The flaws can be triggered remotely without user interaction, making them especially dangerous for exposed devices, such as those configured for remote management or poorly secured behind weak firewalls.

Each CVE is classified as critical with CVSS scores of 8.8 (HIGH) under version 3.1, indicating the high likelihood of exploitation and severe consequences.

The vulnerabilities allow attackers to bypass most security controls, gain low-privilege access, and escalate privileges, potentially taking complete control of the device.

  • Remote Code Execution: Attackers may execute arbitrary code, install malware, or pivot into internal networks.
  • Data Theft: Sensitive data, such as network credentials, passwords, or private documents, can be exfiltrated.
  • Botnet Enlistment: Vulnerable devices could be conscripted into botnets for DDoS campaigns or other malicious activity.

Netgear was contacted regarding these vulnerabilities but, as of publication, has not issued a patch or advisory. Users are strongly urged to disable remote management, restrict network access to the device, and monitor for updates or third-party mitigations.

  1. Update Firmware (if a patch becomes available).
  2. Restrict External Access by disabling remote configuration options.
  3. Segment the Network to minimize exposure.
  4. Monitor Device Logs for unusual or unauthorized activity.

Until Netgear releases a fix, the EX6200 remains vulnerable. Users should assess their risk, apply mitigating actions, and consider replacing or isolating affected devices.
