Netgear EX6200 Bug Allows Remote Data Theft

Run Malicious Code: Hackers can install malware or take full control.
Steal Data: Things like passwords or private files can be accessed.
Join Botnets: The device might be used in large-scale attacks like DDoS.

Security researchers have found three serious flaws in the Netgear EX6200 Wi-Fi extender that let hackers access the device and steal data.

These issues affect firmware version 1.0.3.94 and are tracked as CVE-2025-4148, CVE-2025-4149, and CVE-2025-4150. Netgear was warned early but hasn’t responded, putting users at risk.

The EX6200 is a popular device used to improve Wi-Fi in homes and small businesses, making any security flaw a big concern—especially when it allows remote attacks.

The table below shows key details about the three security flaws:

CVE ID	Affected Device	Type of Issue	Risk Score	What It Can Do
CVE-2025-4148	Netgear EX6200 (v1.0.3.94)	Buffer overflow, memory corruption	8.8 (High)	Lets hackers run code and steal data
CVE-2025-4149	Netgear EX6200 (v1.0.3.94)	Buffer overflow, memory corruption	8.8 (High)	Allows remote access and data theft
CVE-2025-4150	Netgear EX6200 (v1.0.3.94)	Buffer overflow, memory corruption	8.8 (High)	Allows remote access and data theft

The three vulnerabilities come from how the device handles certain internal functions. If a hacker changes the “host” argument, it can cause a buffer overflow. This could let them run their own code, take over the device, or steal sensitive data.

These flaws can be triggered remotely without the user doing anything. Devices with remote access turned on or weak firewall protection are at greater risk.

All three issues are rated 8.8 (High) on the CVSS scale, showing they are serious and likely to be exploited.

What Attackers Can Do: