Design/Logic Flaw

2023-03-2919:15:00

PRIOn knowledge base

www.prio-n.com

network-adjacent attackers

compromise integrity

downloaded information

netgear r6700v3

authentication not required

https flaw

certificate validation

arbitrary code execution

zdi-can-15797

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.2%

JSON

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

CPENameOperatorVersion
cbr40_firmwarelt2.5.0.28
lbr1020_firmwarelt2.7.4.2
lbr20_firmwarelt2.7.4.2
r6400_firmwarelt1.0.4.126
r6700_firmwarelt1.0.4.126
r6900p_firmwarelt1.3.3.148
r7000_firmwarelt1.0.11.134
r7000p_firmwarelt1.3.3.148
r7850_firmwarelt1.0.5.84
r7960p_firmwarelt1.4.3.88

Name	Operator	Version
cbr40_firmware	lt	2.5.0.28
lbr1020_firmware	lt	2.7.4.2
lbr20_firmware	lt	2.7.4.2
r6400_firmware	lt	1.0.4.126
r6700_firmware	lt	1.0.4.126
r6900p_firmware	lt	1.3.3.148
r7000_firmware	lt	1.0.11.134
r7000p_firmware	lt	1.3.3.148
r7850_firmware	lt	1.0.5.84
r7960p_firmware	lt	1.4.3.88