Lucene search

[email protected]NVD:CVE-2022-27643

HistoryMar 29, 2023 - 7:15 p.m.

CVE-2022-27643

2023-03-2919:15:08

CWE-120

[email protected]

web.nvd.nist.gov

vulnerability

netgear

soap request

unauthorized

code execution

zdi-can-15692

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.0%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

Affected configurations

Nvd

Node

netgearr6400Match-

AND

netgearr6400_firmwareRange<1.0.1.78

Node

netgearr6400Matchv2

AND

netgearr6400_firmwareRange<1.0.4.126

Node

netgearr6700Matchv3

AND

netgearr6700_firmwareRange<1.0.4.126

Node

netgearr6900pMatch-

AND

netgearr6900p_firmwareRange<1.3.3.148

Node

netgearr7000Match-

AND

netgearr7000_firmwareRange<1.0.11.134

Node

netgearr7000p_firmwareRange<1.3.3.148

AND

netgearr7000pMatch-

Node

netgearr7850_firmwareRange<1.0.5.84

AND

netgearr7850Match-

Node

netgearr7900p_firmwareRange<1.4.3.88

AND

netgearr7900pMatch-

Node

netgearr7960p_firmwareRange<1.4.3.88

AND

netgearr7960pMatch-

Node

netgearr8000_firmwareRange<1.0.4.84

AND

netgearr8000Match-

Node

netgearr8000p_firmwareRange<1.4.3.88

AND

netgearr8000pMatch-

Node

netgearr8500_firmwareRange<1.0.2.158

AND

netgearr8500Match-

Node

netgearrax200_firmwareRange<1.0.6.138

AND

netgearrax200Match-

Node

netgearrax75_firmwareRange<1.0.6.138

AND

netgearrax75Match-

Node

netgearrax80_firmwareRange<1.0.6.138

AND

netgearrax80Match-

Node

netgearrs400_firmwareRange<1.5.1.86

AND

netgearrs400Match-

Node

netgearr7100lg_firmwareRange<1.0.0.76

AND

netgearr7100lgMatch-

Node

netgearwndr3400_firmwareRange<1.0.1.44

AND

netgearwndr3400Matchv3

Node

netgearwnr3500l_firmwareRange<1.2.0.72

AND

netgearwnr3500lMatchv2

Node

netgearxr300_firmwareRange<1.0.3.72

AND

netgearxr300Match-

Node

netgeardc112a_firmwareRange<1.0.0.64

AND

netgeardc112aMatch-

Node

netgeard6220_firmwareRange<1.0.0.80

AND

netgeard6220Match-

Node

netgeard6400_firmwareRange<1.0.0.114

AND

netgeard6400Match-

Node

netgearex3700_firmwareRange<1.0.0.96

AND

netgearex3700Match-

Node

netgearex3800_firmwareRange<1.0.0.96

AND

netgearex3800Match-

Node

netgearex6120_firmwareRange<1.0.0.68

AND

netgearex6120Match-

Node

netgearex6130_firmwareRange<1.0.0.48

AND

netgearex6130Match-

Node

netgeard7000v2_firmwareRange<1.0.0.80

AND

netgeard7000v2Match-

VendorProductVersionCPE
netgearr6400-cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*
netgearr6400_firmware*cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
netgearr6400v2cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*
netgearr6700v3cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*
netgearr6700_firmware*cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
netgearr6900p-cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*
netgearr6900p_firmware*cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
netgearr7000-cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
netgearr7000_firmware*cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
netgearr7000p_firmware*cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	r6400	-	cpe:2.3:h:netgear:r6400:-:::::::*
netgear	r6400_firmware	*	cpe:2.3:o:netgear:r6400_firmware::::::::
netgear	r6400	v2	cpe:2.3:h:netgear:r6400:v2:::::::*
netgear	r6700	v3	cpe:2.3:h:netgear:r6700:v3:::::::*
netgear	r6700_firmware	*	cpe:2.3:o:netgear:r6700_firmware::::::::
netgear	r6900p	-	cpe:2.3:h:netgear:r6900p:-:::::::*
netgear	r6900p_firmware	*	cpe:2.3:o:netgear:r6900p_firmware::::::::
netgear	r7000	-	cpe:2.3:h:netgear:r7000:-:::::::*
netgear	r7000_firmware	*	cpe:2.3:o:netgear:r7000_firmware::::::::
netgear	r7000p_firmware	*	cpe:2.3:o:netgear:r7000p_firmware::::::::

Rows per page:

1-10 of 551

References

kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323

www.zerodayinitiative.com/advisories/ZDI-22-519/

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.0%

JSON

Related for NVD:CVE-2022-27643

zdi1 prion1 cvelist1 cve1