This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.
References
| Link | Resource |
|---|---|
| https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-544/ | Third Party Advisory VDB Entry |
| https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-544/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
History
21 Nov 2024, 06:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278 - Vendor Advisory | |
| References | () https://www.zerodayinitiative.com/advisories/ZDI-22-544/ - Third Party Advisory, VDB Entry |
05 Apr 2023, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | (MISC) https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278 - Vendor Advisory | |
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-544/ - Third Party Advisory, VDB Entry | |
| First Time |
Netgear r7800 Firmware
Netgear r6400 Netgear r6400 Firmware Netgear ex6200 Firmware Netgear d7800 Firmware Netgear r7800 Netgear ex8000 Firmware Netgear r6700 Firmware Netgear Netgear r6700 Netgear ex6200 Netgear r7000 Netgear r6220 Netgear r7000 Firmware Netgear r6230 Netgear ex8000 Netgear r6220 Firmware Netgear r6230 Firmware Netgear d7800 |
|
| CPE | cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* |
29 Mar 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-29 19:15
Updated : 2024-11-21 06:56
NVD link : CVE-2022-27641
Mitre link : CVE-2022-27641
CVE.ORG link : CVE-2022-27641
JSON object : View
Products Affected
netgear
- ex8000
- r6230
- r6220_firmware
- ex6200
- r6700_firmware
- r7800
- ex6200_firmware
- r6400_firmware
- r6400
- r7000_firmware
- d7800
- ex8000_firmware
- d7800_firmware
- r7000
- r6230_firmware
- r6220
- r7800_firmware
- r6700
CWE
CWE-190
Integer Overflow or Wraparound