CVE-2006-6125

NetGear WG311v1 - Heap-Based Buffer Overflow via 802.11 Management Frame with Long SSID

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6125. PoCs published by Laurent Butti.

AI-analyzed exploit summary This exploit targets a heap-based buffer overflow in the NetGear WG311v1 wireless driver (WG311ND5.SYS) by sending malformed probe response frames with an overly long SSID field. It is designed to cause a denial-of-service (DoS) by crashing the kernel, with potential for remote code execution (RCE) in development.

Description

Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Laurent Butti · rubyremotewindows

https://www.exploit-db.com/exploits/29167

View Code ZIP pw:eip

This exploit targets a heap-based buffer overflow in the NetGear WG311v1 wireless driver (WG311ND5.SYS) by sending malformed probe response frames with an overly long SSID field. It is designed to cause a denial-of-service (DoS) by crashing the kernel, with potential for remote code execution (RCE) in development.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: NetGear WG311v1 Wireless Driver (WG311ND5.SYS) version 2.3.1.10

No auth needed

Prerequisites: Lorcon library · Linux platform with supported wireless card · Target MAC address

MITRE ATT&CK