CVE-2022-27645
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
Affected (23)
Products: Netgear: Lax20 Firmware, R6400 Firmware, R6700 Firmware, R7000 Firmware, R7850 Firmware, R7900p Firmware, R7960p Firmware, R8000 Firmware, R8000p Firmware, R8500 Firmware, Rax15 Firmware, Rax20 Firmware, Rax200 Firmware, Rax35 Firmware, Rax38 Firmware, Rax40 Firmware, Rax42 Firmware, Rax43 Firmware, Rax45 Firmware, Rax48 Firmware, Rax50 Firmware, Rax50s Firmware, Rax75 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.1.6.34 |
| Running on/with | Platform Versions |
|---|---|
Netgear Lax20 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.4.126 |
| Running on/with | Platform Versions |
|---|---|
Netgear R6400 | Version v2 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.4.126 |
| Running on/with | Platform Versions |
|---|---|
Netgear R6700 | Version v3 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.11.134 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7000 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.5.84 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7850 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.4.3.88 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7900p | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.4.3.88 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7960p | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.4.84 |
| Running on/with | Platform Versions |
|---|---|
Netgear R8000 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.4.3.88 |
| Running on/with | Platform Versions |
|---|---|
Netgear R8000p | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.158 |
| Running on/with | Platform Versions |
|---|---|
Netgear R8500 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax15 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax20 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.6.138 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax200 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax35 | Version v2 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax38 | Version v2 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax40 | Version v2 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax42 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax43 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax45 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax48 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax50 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.10.110 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax50s | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.6.138 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax75 | All versions |
Related CWEs
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-697
Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
References (4)
Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Timeline
No history available yet.