Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Published

2023-03-29T19:15:08.563

Last Modified

2024-11-21T06:56:05.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	r6400_firmware	< 1.0.4.126	Yes
Hardware	netgear	r6400	v2	No
Operating System	netgear	r6700_firmware	< 1.0.4.126	Yes
Hardware	netgear	r6700	v3	No
Operating System	netgear	r6900p_firmware	< 1.3.3.148	Yes
Hardware	netgear	r6900p	-	No
Operating System	netgear	r7000_firmware	< 1.0.11.134	Yes
Hardware	netgear	r7000	-	No
Operating System	netgear	r7000p_firmware	< 1.3.3.148	Yes
Hardware	netgear	r7000p	-	No
Operating System	netgear	r7850_firmware	< 1.0.5.84	Yes
Hardware	netgear	r7850	-	No
Operating System	netgear	r7960p_firmware	< 1.4.3.88	Yes
Hardware	netgear	r7960p	-	No
Operating System	netgear	r8000_firmware	< 1.0.4.84	Yes
Hardware	netgear	r8000	-	No
Operating System	netgear	r8000p_firmware	< 1.4.3.88	Yes
Hardware	netgear	r8000p	-	No
Operating System	netgear	rax200_firmware	< 1.0.6.138	Yes
Hardware	netgear	rax200	-	No
Operating System	netgear	rax75_firmware	< 1.0.6.138	Yes
Hardware	netgear	rax75	-	No
Operating System	netgear	rax80_firmware	< 1.0.6.138	Yes
Hardware	netgear	rax80	-	No
Operating System	netgear	rs400_firmware	< 1.5.1.86	Yes
Hardware	netgear	rs400	-	No
Operating System	netgear	cbr40_firmware	< 2.5.0.28	Yes
Hardware	netgear	cbr40	-	No
Operating System	netgear	lbr1020_firmware	< 2.7.4.2	Yes
Hardware	netgear	lbr1020	-	No
Operating System	netgear	lbr20_firmware	< 2.7.4.2	Yes
Hardware	netgear	lbr20	-	No
Operating System	netgear	rbr10_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr10	-	No
Operating System	netgear	rbr20_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr20	-	No
Operating System	netgear	rbr40_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr40	-	No
Operating System	netgear	rbr50_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbr50	-	No
Operating System	netgear	rbs10_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs10	-	No
Operating System	netgear	rbs20_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs20	-	No
Operating System	netgear	rbs40_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs40	-	No
Operating System	netgear	rbs50_firmware	< 2.7.4.24	Yes
Hardware	netgear	rbs50	-	No

References

https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-520/ Third Party Advisory, VDB Entry ([email protected])
https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-520/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)