CVE-2025-6565

EUVD-2025-19007 HIGH
2025-06-24 [email protected]
8.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 22:36 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:36 (euvd), EUVD-2025-19007
PoC Detected: Jun 26, 2025 - 18:58 (vuln.today), public exploit code
CVE Published: Jun 24, 2025 - 13:15 (nvd), HIGH 8.8

Description

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6565 is a critical stack-based buffer overflow vulnerability in Netgear WNCE3001 v1.0.0.50 affecting the HTTP POST request handler's Host parameter processing. An authenticated attacker can remotely exploit this to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploitation code exists, elevating immediate risk.

Technical Context

The vulnerability resides in the http_d component (HTTP daemon) of the Netgear WNCE3001 WiFi range extender, specifically in HTTP POST request handling. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a stack-based buffer overflow when processing the Host header field. The affected product is a network device running embedded firmware version 1.0.0.50. The HTTP server does not check the length of the Host value before writing it to a fixed-size stack buffer, so a remote attacker with low privileges (PR:L in the CVSS vector above) can overflow the buffer and corrupt the stack frame, potentially leading to arbitrary code execution. This is a classic memory safety issue in C-based embedded network services that lack input validation.
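The bounds check whose absence is described above, as an added example; this is not Netgear firmware code, and `copy_host_header`, `HOST_MAX` and the 64-byte size are assumptions chosen for illustration. It shows the unchecked copy pattern in a comment beside a hardened Host header extraction that rejects oversized values.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define HOST_MAX 64  /* assumed destination size, for illustration only */

enum host_status { HOST_OK = 0, HOST_MISSING = -1, HOST_TOO_LONG = -2 };

/* Unsafe pattern (the CWE-119 shape): the length of the client-supplied
 * value is never compared with the size of the stack buffer.
 *     char host[HOST_MAX];
 *     strcpy(host, value);
 */

/* Hardened: scan the header lines of a NUL-terminated request, stop at the
 * blank line that ends the headers, and copy the Host value into
 * out[out_len] only if it fits with its terminator; otherwise reject. */
enum host_status copy_host_header(const char *req, char *out, size_t out_len)
{
    const char *line = req;
    if (out_len == 0) return HOST_TOO_LONG;
    out[0] = '\0';
    while (*line && *line != '\r' && *line != '\n') {
        const char *eol = strpbrk(line, "\r\n");
        size_t line_len = eol ? (size_t)(eol - line) : strlen(line);
        if (line_len >= 5 && strncasecmp(line, "Host:", 5) == 0) {
            const char *v = line + 5;
            const char *end = line + line_len;
            while (v < end && (*v == ' ' || *v == '\t')) v++;           /* leading OWS */
            while (end > v && (end[-1] == ' ' || end[-1] == '\t')) end--; /* trailing OWS */
            size_t n = (size_t)(end - v);
            if (n >= out_len) return HOST_TOO_LONG;  /* no truncation, no write */
            memcpy(out, v, n);
            out[n] = '\0';
            return HOST_OK;
        }
        if (!eol) break;
        line = eol + ((eol[0] == '\r' && eol[1] == '\n') ? 2 : 1);
    }
    return HOST_MISSING;
}
```

Rejecting the request on `HOST_TOO_LONG`, rather than truncating, also gives the server a clear event to log for oversized Host values.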

Affected Products

Netgear WNCE3001 WiFi Range Extender, firmware version 1.0.0.50. CPE identifier: cpe:2.3:o:netgear:wnce3001_firmware:1.0.0.50:*:*:*:*:*:*:*. The device is marketed as a WiFi extender/bridge supporting 802.11n connectivity. Affected hardware models include WNCE3001 (all revisions using vulnerable firmware version). No vendor advisory or patch information is currently available in public sources, suggesting the vulnerability may be zero-day or recently disclosed without coordinated mitigation.

Remediation

1. IMMEDIATE: Disconnect affected WNCE3001 devices from the network until patching is available.
2. INTERIM: Restrict network access to the device's HTTP interface via firewall rules (port 80/443 ingress filtering).
3. Change default administrative credentials if accessible to reduce authentication bypass risk.
4. Monitor Netgear support pages (netgear.com/support) for firmware security updates.
5. PATCH: When available, upgrade to firmware version >1.0.0.50 (specific patched version not yet identified; contact Netgear support for ETA).
6. LONG-TERM: Consider device replacement if Netgear does not issue timely security patches, as embedded devices often lack extended support lifecycles.

Vendors should implement memory-safe programming practices or stack canaries in future releases.

Priority Score

64 (KEV: 0, EPSS: +0.3, CVSS: +44, POC: +20)
