Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-27646
HistoryMar 29, 2023 - 7:15 p.m.

CVE-2022-27646

2023-03-2919:15:08
CWE-121
[email protected]
web.nvd.nist.gov
netgear
r6700v3
buffer overflow
stack-based
authentication bypass
zdi-can-15879

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.8%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Affected configurations

NVD
Node
netgearr6400_firmwareRange<1.0.4.126
AND
netgearr6400Matchv2
Node
netgearr6700_firmwareRange<1.0.4.126
AND
netgearr6700Matchv3
Node
netgearr6900p_firmwareRange<1.3.3.148
AND
netgearr6900pMatch-
Node
netgearr7000_firmwareRange<1.0.11.134
AND
netgearr7000Match-
Node
netgearr7000p_firmwareRange<1.3.3.148
AND
netgearr7000pMatch-
Node
netgearr7850_firmwareRange<1.0.5.84
AND
netgearr7850Match-
Node
netgearr7960p_firmwareRange<1.4.3.88
AND
netgearr7960pMatch-
Node
netgearr8000_firmwareRange<1.0.4.84
AND
netgearr8000Match-
Node
netgearr8000p_firmwareRange<1.4.3.88
AND
netgearr8000pMatch-
Node
netgearrax200_firmwareRange<1.0.6.138
AND
netgearrax200Match-
Node
netgearrax75_firmwareRange<1.0.6.138
AND
netgearrax75Match-
Node
netgearrax80_firmwareRange<1.0.6.138
AND
netgearrax80Match-
Node
netgearrs400_firmwareRange<1.5.1.86
AND
netgearrs400Match-
Node
netgearcbr40_firmwareRange<2.5.0.28
AND
netgearcbr40Match-
Node
netgearlbr1020_firmwareRange<2.7.4.2
AND
netgearlbr1020Match-
Node
netgearlbr20_firmwareRange<2.7.4.2
AND
netgearlbr20Match-
Node
netgearrbr10_firmwareRange<2.7.4.24
AND
netgearrbr10Match-
Node
netgearrbr20_firmwareRange<2.7.4.24
AND
netgearrbr20Match-
Node
netgearrbr40_firmwareRange<2.7.4.24
AND
netgearrbr40Match-
Node
netgearrbr50_firmwareRange<2.7.4.24
AND
netgearrbr50Match-
Node
netgearrbs10_firmwareRange<2.7.4.24
AND
netgearrbs10Match-
Node
netgearrbs20_firmwareRange<2.7.4.24
AND
netgearrbs20Match-
Node
netgearrbs40_firmwareRange<2.7.4.24
AND
netgearrbs40Match-
Node
netgearrbs50_firmwareRange<2.7.4.24
AND
netgearrbs50Match-

Related

cvelist 1
zdi 1
cve 1
prion 1
cvelist
cvelist
CVE-2022-27646
2023-03-29 00:00:00
zdi
zdi
(Pwn2Own) NETGEAR R6700v3 circled Stack-based Buffer Overflow Remote Code Execution Vulnerability
2022-03-23 00:00:00
cve
cve
CVE-2022-27646
2023-03-29 19:15:08
prion
prion
Stack overflow
2023-03-29 19:15:00

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.8%

JSON
Related for NVD:CVE-2022-27646
cvelist1zdi1cve1prion1