Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Published

2023-03-29T19:15:08.637

Last Modified

2024-11-21T06:56:05.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-697

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	lax20_firmware	< 1.1.6.34	Yes
Hardware	netgear	lax20	-	No
Operating System	netgear	r6400_firmware	< 1.0.4.126	Yes
Hardware	netgear	r6400	v2	No
Operating System	netgear	r6700_firmware	< 1.0.4.126	Yes
Hardware	netgear	r6700	v3	No
Operating System	netgear	r7000_firmware	< 1.0.11.134	Yes
Hardware	netgear	r7000	-	No
Operating System	netgear	r7850_firmware	< 1.0.5.84	Yes
Hardware	netgear	r7850	-	No
Operating System	netgear	r7900p_firmware	< 1.4.3.88	Yes
Hardware	netgear	r7900p	-	No
Operating System	netgear	r7960p_firmware	< 1.4.3.88	Yes
Hardware	netgear	r7960p	-	No
Operating System	netgear	r8000_firmware	< 1.0.4.84	Yes
Hardware	netgear	r8000	-	No
Operating System	netgear	r8000p_firmware	< 1.4.3.88	Yes
Hardware	netgear	r8000p	-	No
Operating System	netgear	r8500_firmware	< 1.0.2.158	Yes
Hardware	netgear	r8500	-	No
Operating System	netgear	rax15_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax15	-	No
Operating System	netgear	rax20_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax20	-	No
Operating System	netgear	rax200_firmware	< 1.0.6.138	Yes
Hardware	netgear	rax200	-	No
Operating System	netgear	rax35_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax35	v2	No
Operating System	netgear	rax38_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax38	v2	No
Operating System	netgear	rax40_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax40	v2	No
Operating System	netgear	rax42_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax42	-	No
Operating System	netgear	rax43_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax43	-	No
Operating System	netgear	rax45_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax45	-	No
Operating System	netgear	rax48_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax48	-	No
Operating System	netgear	rax50_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax50	-	No
Operating System	netgear	rax50s_firmware	< 1.0.10.110	Yes
Hardware	netgear	rax50s	-	No
Operating System	netgear	rax75_firmware	< 1.0.6.138	Yes
Hardware	netgear	rax75	-	No

References

https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-522/ Third Party Advisory, VDB Entry ([email protected])
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-522/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)