CRITICAL🇵🇱 Wersja polska

CVE-2025-29044

CVSS 9.8v3.1pub. 2025-04-17upd. 2025-04-21

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value

🤖 AI Analysis
How it works

An attacker can trigger a buffer overflow by providing a crafted QUERY_STRING key value in an HTTP request directed to the router. An excessive amount of data passed in this parameter causes a stack overflow in the cgiMain component, which enables overwriting memory areas and executing malicious code (RCE).

Impact

A remote attacker without any authentication can execute arbitrary code on the device, which in practice means complete takeover of the router, modification of its configuration, interception of network traffic, or use of the device as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until firmware is updated, it is recommended to restrict access to the router's management interface exclusively from trusted hosts and to disable remote access to the administrative panel.

Who is affected

Netgear R6100 with firmware version V1.0.1.28

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear R6100

    HW
    Netgear
    wszystkie wersje
  • Netgear R6100 Firmware

    OS
    Netgear
    1.0.1.28
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2016-10174CRITICAL9.8⚠ KEVten sam produkt

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL...

CVE-2018-21153CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...

CVE-2016-11059HIGH7.5ten sam produkt

Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before...

CVE-2018-21202HIGH8.8ten sam produkt

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...

CVE-2018-21203HIGH8.8ten sam produkt

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...