Details of VAR-202506-0506

ID

VAR-202506-0506

CVE

CVE-2025-5934

TITLE

of netgear EX3700 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007329

DESCRIPTION

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. of netgear EX3700 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR EX3700 is a dual-band wireless access point with a maximum transmission rate of 750Mbps. The vulnerability is caused by the lack of proper validation of user-supplied data in the function sub_41619C in the file /mtd. Attackers can exploit this vulnerability to cause a read beyond the end of the allocated buffer

Trust: 2.16

sources: NVD: CVE-2025-5934 // JVNDB: JVNDB-2025-007329 // CNVD: CNVD-2025-13416

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13416

AFFECTED PRODUCTS

vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.88	Trust: 1.0
vendor:	ネットギア	model:	ex3700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3700	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex3700	scope:	eq	version:	ex3700 firmware 1.0.0.88	Trust: 0.8
vendor:	netgear	model:	ex3700	scope:	lte	version:	<=1.0.0.88	Trust: 0.6

sources: CNVD: CNVD-2025-13416 // JVNDB: JVNDB-2025-007329 // NVD: CVE-2025-5934

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5934
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007329
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13416
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5934
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007329
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-13416
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5934
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007329
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13416 // JVNDB: JVNDB-2025-007329 // NVD: CVE-2025-5934

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007329 // NVD: CVE-2025-5934

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5934	Trust: 3.2
db:	VULDB	id:	311712	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007329	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13416	Trust: 0.6

sources: CNVD: CNVD-2025-13416 // JVNDB: JVNDB-2025-007329 // NVD: CVE-2025-5934

REFERENCES

url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-ex3700-netgear	Trust: 2.4
url:	https://github.com/xiaobor123/vul-finds/tree/main/vul-find-ex3700-netgear#poc	Trust: 1.8
url:	https://vuldb.com/?id.311712	Trust: 1.8
url:	https://vuldb.com/?submit.588258	Trust: 1.8
url:	https://www.netgear.com/	Trust: 1.8
url:	https://vuldb.com/?ctiid.311712	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5934	Trust: 0.8

sources: CNVD: CNVD-2025-13416 // JVNDB: JVNDB-2025-007329 // NVD: CVE-2025-5934

SOURCES

db:	CNVD	id:	CNVD-2025-13416
db:	JVNDB	id:	JVNDB-2025-007329
db:	NVD	id:	CVE-2025-5934

LAST UPDATE DATE

2025-06-26T23:20:45.734000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13416	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-007329	date:	2025-06-23T01:29:00
db:	NVD	id:	CVE-2025-5934	date:	2025-06-20T13:11:11.560

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13416	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2025-007329	date:	2025-06-23T00:00:00
db:	NVD	id:	CVE-2025-5934	date:	2025-06-10T04:15:55.327