CVE-2022-27641


This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.


Published

2023-03-29T19:15:08.327

Last Modified

2024-11-21T06:56:04.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-190

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | netgear | d7800_firmware | < 1.0.1.68 | Yes |
| Hardware | netgear | d7800 | - | No |
| Operating System | netgear | ex6200_firmware | < 1.0.1.90 | Yes |
| Hardware | netgear | ex6200 | v2 | No |
| Operating System | netgear | ex8000_firmware | < 1.0.1.240 | Yes |
| Hardware | netgear | ex8000 | - | No |
| Operating System | netgear | r6220_firmware | < 1.1.0.112 | Yes |
| Hardware | netgear | r6220 | - | No |
| Operating System | netgear | r6230_firmware | < 1.1.0.112 | Yes |
| Hardware | netgear | r6230 | - | No |
| Operating System | netgear | r6400_firmware | < 1.0.4.122 | Yes |
| Hardware | netgear | r6400 | v2 | No |
| Operating System | netgear | r6700_firmware | < 1.0.4.122 | Yes |
| Hardware | netgear | r6700 | v3 | No |
| Operating System | netgear | r7000_firmware | < 1.0.11.130 | Yes |
| Hardware | netgear | r7000 | - | No |
| Operating System | netgear | r7800_firmware | < 1.0.2.90 | Yes |
| Hardware | netgear | r7800 | - | No |
