← Back

CVE-2022-27642

nvd nist
Published: Mar 29, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

Affected (34)

Netgear
33 products
Cax80 Firmware
Lax20 Firmware
Mr60 Firmware
Mr80 Firmware
Ms60 Firmware
Ms80 Firmware
R6400 Firmware
R6700 Firmware
R6900p Firmware
R7000 Firmware
R7000p Firmware
R7850 Firmware
R7900p Firmware
R7960p Firmware
R8000 Firmware
R8000p Firmware
R8500 Firmware
Rax15 Firmware
Rax20 Firmware
Rax200 Firmware
Rax35 Firmware
Rax38 Firmware
Rax40 Firmware
Rax42 Firmware
Rax43 Firmware
Rax45 Firmware
Rax48 Firmware
Rax50 Firmware
Rax50s Firmware
Rax75 Firmware
Rax80 Firmware
Rs400 Firmware
R7100lg Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cax80 Firmware
Before 2.1.3.7
Running on/withPlatform Versions
Netgear
Cax80
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lax20 Firmware
Before 1.1.6.34
Running on/withPlatform Versions
Netgear
Lax20
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mr60 Firmware
Before 1.1.6.124
Running on/withPlatform Versions
Netgear
Mr60
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mr80 Firmware
Before 1.1.6.14
Running on/withPlatform Versions
Netgear
Mr80
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ms60 Firmware
Before 1.1.6.124
Running on/withPlatform Versions
Netgear
Ms60
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ms80 Firmware
Before 1.1.6.14
Running on/withPlatform Versions
Netgear
Ms80
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6400 Firmware
Before 1.0.1.78
Running on/withPlatform Versions
Netgear
R6400
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6400 Firmware
Before 1.0.4.126
Running on/withPlatform Versions
Netgear
R6400
Version v2
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6700 Firmware
Before 1.0.4.126
Running on/withPlatform Versions
Netgear
R6700
Version v3
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6900p Firmware
Before 1.3.3.148
Running on/withPlatform Versions
Netgear
R6900p
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7000 Firmware
Before 1.0.11.134
Running on/withPlatform Versions
Netgear
R7000
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7000p Firmware
Before 1.3.3.148
Running on/withPlatform Versions
Netgear
R7000p
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7850 Firmware
Before 1.0.5.84
Running on/withPlatform Versions
Netgear
R7850
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7900p Firmware
Before 1.4.3.88
Running on/withPlatform Versions
Netgear
R7900p
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7960p Firmware
Before 1.4.3.88
Running on/withPlatform Versions
Netgear
R7960p
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8000 Firmware
Before 1.0.4.84
Running on/withPlatform Versions
Netgear
R8000
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8000p Firmware
Before 1.4.3.88
Running on/withPlatform Versions
Netgear
R8000p
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R8500 Firmware
Before 1.0.2.158
Running on/withPlatform Versions
Netgear
R8500
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax15 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax15
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax20 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax20
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax200 Firmware
Before 1.0.6.138
Running on/withPlatform Versions
Netgear
Rax200
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax35 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax35
Version v2
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax38 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax38
Version v2
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax40 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax40
Version v2
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax42 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax42
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax43 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax43
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax45 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax45
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax48 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax48
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax50 Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax50
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax50s Firmware
Before 1.0.10.110
Running on/withPlatform Versions
Netgear
Rax50s
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax75 Firmware
Before 1.0.6.138
Running on/withPlatform Versions
Netgear
Rax75
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax80 Firmware
Before 1.0.6.138
Running on/withPlatform Versions
Netgear
Rax80
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rs400 Firmware
Before 1.5.1.86
Running on/withPlatform Versions
Netgear
Rs400
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R7100lg Firmware
Before 1.0.0.76
Running on/withPlatform Versions
Netgear
R7100lg
All versions

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.