Multiple vulnerabilities in Netgear EX6200 Wi-Fi range extender

Security researchers are reporting three near-critical vulnerabilities affecting the Netgear EX6200 Wi-Fi range extender. These vulnerabilities could allow remote code execution, access to sensitive data like network credentials and passwords, or adding the device to a botnet for DDoS campaigns or other malicious activity.

• CVE-2025-4148 (CVSS score: 8.8): Buffer overflow vulnerability in the sub_503FC function due to improper validation of the host input parameter.
• CVE-2025-4149 (CVSS score: 8.8): Similar buffer overflow in the sub_54014 function that mishandles the host parameter.
• CVE-2025-4150 (CVSS score: 8.8): Buffer overflow in the sub_54340 function with similar exploitation methods.

All three vulnerabilities stem from improper handling of arguments passed to specific internal functions. When an attacker manipulates the host argument, it triggers a buffer overflow—potentially allowing arbitrary code execution, full device compromise, or theft of sensitive data transiting through or stored on the device.

The flaws can be triggered remotely without user interaction, making them especially dangerous for devices exposed to the internet like those configured for remote management or not properly secured with firewalls.

The vulnerabilities affect firmware version 1.0.3.94 and are tracked as:

Netgear has yet to respond to these reports or issue patches, leaving users exposed. Independent researchers announced via GitHub that there is a proof-of-concept exploit, but withheld details. "Due to legal and policy reasons, we are unable to provide the exploit for this vulnerability at this time."

Until Netgear releases a fix, users should restrict external access by disabling remote configuration options and isolate the device from any public access. Users should also consider temporary replacements in enterprise settings if high-value data is at risk