Lucene search

[email protected]NVD:CVE-2022-27644

HistoryMar 29, 2023 - 7:15 p.m.

CVE-2022-27644

2023-03-2919:15:08

CWE-295

[email protected]

web.nvd.nist.gov

cve-2022-27644

netgear r6700v3

https validation

arbitrary code execution

integrity compromise

zdi-can-15797

root context

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Affected configurations

NVD

Node

netgearr6400_firmwareRange<1.0.4.126

AND

netgearr6400Matchv2

Node

netgearr6700_firmwareRange<1.0.4.126

AND

netgearr6700Matchv3

Node

netgearr6900p_firmwareRange<1.3.3.148

AND

netgearr6900pMatch-

Node

netgearr7000_firmwareRange<1.0.11.134

AND

netgearr7000Match-

Node

netgearr7000p_firmwareRange<1.3.3.148

AND

netgearr7000pMatch-

Node

netgearr7850_firmwareRange<1.0.5.84

AND

netgearr7850Match-

Node

netgearr7960p_firmwareRange<1.4.3.88

AND

netgearr7960pMatch-

Node

netgearr8000_firmwareRange<1.0.4.84

AND

netgearr8000Match-

Node

netgearr8000p_firmwareRange<1.4.3.88

AND

netgearr8000pMatch-

Node

netgearrax200_firmwareRange<1.0.6.138

AND

netgearrax200Match-

Node

netgearrax75_firmwareRange<1.0.6.138

AND

netgearrax75Match-

Node

netgearrax80_firmwareRange<1.0.6.138

AND

netgearrax80Match-

Node

netgearrs400_firmwareRange<1.5.1.86

AND

netgearrs400Match-

Node

netgearcbr40_firmwareRange<2.5.0.28

AND

netgearcbr40Match-

Node

netgearlbr1020_firmwareRange<2.7.4.2

AND

netgearlbr1020Match-

Node

netgearlbr20_firmwareRange<2.7.4.2

AND

netgearlbr20Match-

Node

netgearrbr10_firmwareRange<2.7.4.24

AND

netgearrbr10Match-

Node

netgearrbr20_firmwareRange<2.7.4.24

AND

netgearrbr20Match-

Node

netgearrbr40_firmwareRange<2.7.4.24

AND

netgearrbr40Match-

Node

netgearrbr50_firmwareRange<2.7.4.24

AND

netgearrbr50Match-

Node

netgearrbs10_firmwareRange<2.7.4.24

AND

netgearrbs10Match-

Node

netgearrbs20_firmwareRange<2.7.4.24

AND

netgearrbs20Match-

Node

netgearrbs40_firmwareRange<2.7.4.24

AND

netgearrbs40Match-

Node

netgearrbs50_firmwareRange<2.7.4.24

AND

netgearrbs50Match-

References

kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324

www.zerodayinitiative.com/advisories/ZDI-22-520/

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

Related for NVD:CVE-2022-27644

zdi1 cve1 prion1 cvelist1