Design/Logic Flaw

2023-03-2919:15:00

PRIOn knowledge base

www.prio-n.com

network-adjacent attackers

arbitrary code execution

authentication bypass

handling flaw

validation issue

system call

0.0005 Low

EPSS

Percentile

18.2%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

CPENameOperatorVersion
cax80_firmwarelt2.1.3.7
lax20_firmwarelt1.1.6.34
mr60_firmwarelt1.1.6.124
mr80_firmwarelt1.1.6.14
ms60_firmwarelt1.1.6.124
ms80_firmwarelt1.1.6.14
r6400_firmwarelt1.0.1.78
r6400_firmwarelt1.0.4.126
r6700_firmwarelt1.0.4.126
r6900p_firmwarelt1.3.3.148

Name	Operator	Version
cax80_firmware	lt	2.1.3.7
lax20_firmware	lt	1.1.6.34
mr60_firmware	lt	1.1.6.124
mr80_firmware	lt	1.1.6.14
ms60_firmware	lt	1.1.6.124
ms80_firmware	lt	1.1.6.14
r6400_firmware	lt	1.0.1.78
r6400_firmware	lt	1.0.4.126
r6700_firmware	lt	1.0.4.126
r6900p_firmware	lt	1.3.3.148