Description
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
References (3)
Core References
Vendor Advisory x_refsource_misc
https://www.netgear.com/about/security/
Vendor Advisory x_refsource_misc
https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/doudoudedi/Netgear_product_stack_overflow/blob/main/NETGEAR%20EX%20series%20upnpd%20stack_overflow.md
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
33.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (4)
netgear/cax80_firmware
2.1.2.6
netgear/dc112a_firmware
1.0.0.62
netgear/ex6100_firmware
201.0.2.28
netgear/ex6200_firmware
Published
Mar 18, 2022
Tracked Since
Feb 18, 2026