CVE-2022-27643

Published: Mar 29, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

Affected (28)

Products: Netgear: R6400 Firmware, R6700 Firmware, R6900p Firmware, R7000 Firmware, R7000p Firmware, R7850 Firmware, R7900p Firmware, R7960p Firmware, R8000 Firmware, R8000p Firmware, R8500 Firmware, Rax200 Firmware, Rax75 Firmware, Rax80 Firmware, Rs400 Firmware, R7100lg Firmware, Wndr3400 Firmware, Wnr3500l Firmware, Xr300 Firmware, Dc112a Firmware, D6220 Firmware, D6400 Firmware, Ex3700 Firmware, Ex3800 Firmware, Ex6120 Firmware, Ex6130 Firmware, D7000v2 Firmware

27 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.1.78

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.4.126

Running on/with	Platform Versions
Netgear R6400	Version v2

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Before 1.0.4.126

Running on/with	Platform Versions
Netgear R6700	Version v3

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	Before 1.3.3.148

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	Before 1.0.11.134

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	Before 1.3.3.148

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7850 Firmware	Before 1.0.5.84

Running on/with	Platform Versions
Netgear R7850	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900p Firmware	Before 1.4.3.88

Running on/with	Platform Versions
Netgear R7900p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7960p Firmware	Before 1.4.3.88

Running on/with	Platform Versions
Netgear R7960p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Before 1.0.4.84

Running on/with	Platform Versions
Netgear R8000	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000p Firmware	Before 1.4.3.88

Running on/with	Platform Versions
Netgear R8000p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	Before 1.0.2.158

Running on/with	Platform Versions
Netgear R8500	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax200 Firmware	Before 1.0.6.138

Running on/with	Platform Versions
Netgear Rax200	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax75 Firmware	Before 1.0.6.138

Running on/with	Platform Versions
Netgear Rax75	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax80 Firmware	Before 1.0.6.138

Running on/with	Platform Versions
Netgear Rax80	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rs400 Firmware	Before 1.5.1.86

Running on/with	Platform Versions
Netgear Rs400	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7100lg Firmware	Before 1.0.0.76

Running on/with	Platform Versions
Netgear R7100lg	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3400 Firmware	Before 1.0.1.44

Running on/with	Platform Versions
Netgear Wndr3400	Version v3

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr3500l Firmware	Before 1.2.0.72

Running on/with	Platform Versions
Netgear Wnr3500l	Version v2

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Xr300 Firmware	Before 1.0.3.72

Running on/with	Platform Versions
Netgear Xr300	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dc112a Firmware	Before 1.0.0.64

Running on/with	Platform Versions
Netgear Dc112a	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6220 Firmware	Before 1.0.0.80

Running on/with	Platform Versions
Netgear D6220	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6400 Firmware	Before 1.0.0.114

Running on/with	Platform Versions
Netgear D6400	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3700 Firmware	Before 1.0.0.96

Running on/with	Platform Versions
Netgear Ex3700	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3800 Firmware	Before 1.0.0.96

Running on/with	Platform Versions
Netgear Ex3800	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6120 Firmware	Before 1.0.0.68

Running on/with	Platform Versions
Netgear Ex6120	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6130 Firmware	Before 1.0.0.48

Running on/with	Platform Versions
Netgear Ex6130	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D7000v2 Firmware	Before 1.0.0.80

Running on/with	Platform Versions
Netgear D7000v2	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323

Source: zdi-disclosures@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-519/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-519/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.