CVE-2025-6511

8.8 HIGH

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Netgear EX6150 firmware allows remote attackers to execute arbitrary code or crash the device. This affects Netgear EX6150 extenders running firmware version 1.0.0.46_1.0.76. The vulnerability is particularly dangerous because these products are no longer supported by the vendor.

💻 Affected Systems

Products:
  • Netgear EX6150
Versions: 1.0.0.46_1.0.76
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects end-of-life products with no vendor support. Other Netgear models or firmware versions are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, persistence, and potential lateral movement within the network.

🟠 Likely Case

Device crash (denial of service) or limited code execution to modify device settings.

🟢 If Mitigated

No impact if device is isolated from untrusted networks or replaced with supported hardware.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.
🏢 Internal Only: HIGH - Attackers on the local network can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists in GitHub repositories. The vulnerability requires no authentication, and exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Netgear has ended support for this product. Replace with supported hardware.

🔧 Temporary Workarounds

Network Segmentation

Isolate EX6150 devices on separate VLANs with strict firewall rules to prevent remote access.

Disable Remote Management

Ensure remote management features are disabled in device settings if available.

🧯 If You Can't Patch

  • Immediately replace affected EX6150 devices with supported hardware
  • Implement strict network segmentation and firewall rules to limit device exposure

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip]/debug.htm or via serial console.

Check Version:

curl -s http://[device-ip]/debug.htm | grep 'Firmware Version'

Verify Fix Applied:

Verify device has been physically replaced with supported hardware or removed from network.
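
An inventory version of the check above, added here as an example (it is not code from Netgear or from this page's sources): it fetches debug.htm from each address given on the command line and compares the reported version with the affected one. The layout of debug.htm is an assumption; only the 'Firmware Version' label and the version string come from this page. A response with no parsable version is reported as UNKNOWN instead of being read as unaffected.

```bash
#!/usr/bin/env bash
# Added example: flag extenders that report the affected firmware version.
AFFECTED="1.0.0.46_1.0.76"   # from the "Versions" field of this advisory

# Read page text on stdin and print the first version-like token found on a
# line mentioning "Firmware Version". The page layout is an assumption, so the
# match is on the version shape (digits, dots, optional _suffix), not on markup.
extract_version() {
  grep -i 'Firmware Version' \
    | grep -oE '[0-9]+(\.[0-9]+){2,}(_[0-9]+(\.[0-9]+)*)?' \
    | head -n 1
}

# Classify page text on stdin:
#   AFFECTED <ver>    version equals the one listed in the advisory
#   NOT_LISTED <ver>  a version was found but it is not the listed one
#   UNKNOWN           no version could be parsed (login page, error page, ...)
classify() {
  local ver
  ver="$(extract_version || true)"
  if [ -z "$ver" ]; then
    echo "UNKNOWN"
  elif [ "$ver" = "$AFFECTED" ]; then
    echo "AFFECTED $ver"
  else
    echo "NOT_LISTED $ver"
  fi
}

# Fetch debug.htm from one device and print "<ip> <result>".
# An empty or failed response is UNREACHABLE, never "not affected".
check_host() {
  local ip="$1" body
  if ! body="$(curl -s --max-time 5 "http://${ip}/debug.htm")" || [ -z "$body" ]; then
    echo "$ip UNREACHABLE"
    return 0
  fi
  echo "$ip $(printf '%s\n' "$body" | classify)"
}

# Usage: ./check_ex6150.sh <device-ip> [<device-ip> ...]
for ip in "$@"; do
  check_host "$ip"
done
```

Treat UNKNOWN and UNREACHABLE results as devices still to be checked by hand, for example over the serial console.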

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to device management interface
  • Device crash/reboot logs
  • Memory corruption errors in system logs

Network Indicators:

  • HTTP POST requests to device IP with large payloads
  • Traffic patterns matching known exploit code

SIEM Query:

source="netgear_logs" AND ("buffer overflow" OR "segmentation fault" OR "crash")
