Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

Published

2023-03-29T19:15:08.407

Last Modified

2024-11-21T06:56:04.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-863
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear cax80_firmware < 2.1.3.7 Yes
Hardware netgear cax80 - No
Operating System netgear lax20_firmware < 1.1.6.34 Yes
Hardware netgear lax20 - No
Operating System netgear mr60_firmware < 1.1.6.124 Yes
Hardware netgear mr60 - No
Operating System netgear mr80_firmware < 1.1.6.14 Yes
Hardware netgear mr80 - No
Operating System netgear ms60_firmware < 1.1.6.124 Yes
Hardware netgear ms60 - No
Operating System netgear ms80_firmware < 1.1.6.14 Yes
Hardware netgear ms80 - No
Operating System netgear r6400_firmware < 1.0.1.78 Yes
Hardware netgear r6400 - No
Operating System netgear r6400_firmware < 1.0.4.126 Yes
Hardware netgear r6400 v2 No
Operating System netgear r6700_firmware < 1.0.4.126 Yes
Hardware netgear r6700 v3 No
Operating System netgear r6900p_firmware < 1.3.3.148 Yes
Hardware netgear r6900p - No
Operating System netgear r7000_firmware < 1.0.11.134 Yes
Hardware netgear r7000 - No
Operating System netgear r7000p_firmware < 1.3.3.148 Yes
Hardware netgear r7000p - No
Operating System netgear r7850_firmware < 1.0.5.84 Yes
Hardware netgear r7850 - No
Operating System netgear r7900p_firmware < 1.4.3.88 Yes
Hardware netgear r7900p - No
Operating System netgear r7960p_firmware < 1.4.3.88 Yes
Hardware netgear r7960p - No
Operating System netgear r8000_firmware < 1.0.4.84 Yes
Hardware netgear r8000 - No
Operating System netgear r8000p_firmware < 1.4.3.88 Yes
Hardware netgear r8000p - No
Operating System netgear r8500_firmware < 1.0.2.158 Yes
Hardware netgear r8500 - No
Operating System netgear rax15_firmware < 1.0.10.110 Yes
Hardware netgear rax15 - No
Operating System netgear rax20_firmware < 1.0.10.110 Yes
Hardware netgear rax20 - No
Operating System netgear rax200_firmware < 1.0.6.138 Yes
Hardware netgear rax200 - No
Operating System netgear rax35_firmware < 1.0.10.110 Yes
Hardware netgear rax35 v2 No
Operating System netgear rax38_firmware < 1.0.10.110 Yes
Hardware netgear rax38 v2 No
Operating System netgear rax40_firmware < 1.0.10.110 Yes
Hardware netgear rax40 v2 No
Operating System netgear rax42_firmware < 1.0.10.110 Yes
Hardware netgear rax42 - No
Operating System netgear rax43_firmware < 1.0.10.110 Yes
Hardware netgear rax43 - No
Operating System netgear rax45_firmware < 1.0.10.110 Yes
Hardware netgear rax45 - No
Operating System netgear rax48_firmware < 1.0.10.110 Yes
Hardware netgear rax48 - No
Operating System netgear rax50_firmware < 1.0.10.110 Yes
Hardware netgear rax50 - No
Operating System netgear rax50s_firmware < 1.0.10.110 Yes
Hardware netgear rax50s - No
Operating System netgear rax75_firmware < 1.0.6.138 Yes
Hardware netgear rax75 - No
Operating System netgear rax80_firmware < 1.0.6.138 Yes
Hardware netgear rax80 - No
Operating System netgear rs400_firmware < 1.5.1.86 Yes
Hardware netgear rs400 - No
Operating System netgear r7100lg_firmware < 1.0.0.76 Yes
Hardware netgear r7100lg - No
References