CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/	Third Party Advisory VDB Entry
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:56

Type	Values Removed	Values Added
References	~~() https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 - Vendor Advisory~~	() https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 - Vendor Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-22-522/ - Third Party Advisory, VDB Entry~~	() https://www.zerodayinitiative.com/advisories/ZDI-22-522/ - Third Party Advisory, VDB Entry

28 Apr 2023, 21:15

Type	Values Removed	Values Added
Summary	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
CWE	~~CWE-697~~	CWE-306

06 Apr 2023, 17:55

Type	Values Removed	Values Added
CPE		cpe:2.3:h:netgear:rax75:-:::::::* cpe:2.3:o:netgear:r7850_firmware:::::::: cpe:2.3:h:netgear:rax50s:-:::::::* cpe:2.3:h:netgear:r7900p:-:::::::* cpe:2.3:h:netgear:rax45:-:::::::* cpe:2.3:o:netgear:rax20_firmware:::::::: cpe:2.3:o:netgear:rax35_firmware:::::::: cpe:2.3:o:netgear:rax42_firmware:::::::: cpe:2.3:h:netgear:rax40:v2:::::::* cpe:2.3:o:netgear:lax20_firmware:::::::: cpe:2.3:h:netgear:r7850:-:::::::* cpe:2.3:h:netgear:rax15:-:::::::* cpe:2.3:h:netgear:rax42:-:::::::* cpe:2.3:o:netgear:rax43_firmware:::::::: cpe:2.3:o:netgear:rax50_firmware:::::::: cpe:2.3:o:netgear:r7960p_firmware:::::::: cpe:2.3:h:netgear:lax20:-:::::::* cpe:2.3:o:netgear:r7000_firmware:::::::: cpe:2.3:o:netgear:r8000p_firmware:::::::: cpe:2.3:h:netgear:r8000p:-:::::::* cpe:2.3:o:netgear:r8500_firmware:::::::: cpe:2.3:h:netgear:rax50:-:::::::* cpe:2.3:h:netgear:r6400:v2:::::::* cpe:2.3:h:netgear:rax35:v2:::::::* cpe:2.3:o:netgear:rax200_firmware:::::::: cpe:2.3:h:netgear:r8000:-:::::::* cpe:2.3:o:netgear:r8000_firmware:::::::: cpe:2.3:h:netgear:r6700:v3:::::::* cpe:2.3:o:netgear:r6400_firmware:::::::: cpe:2.3:h:netgear:r7960p:-:::::::* cpe:2.3:o:netgear:rax50s_firmware:::::::: cpe:2.3:o:netgear:rax75_firmware:::::::: cpe:2.3:o:netgear:rax40_firmware:::::::: cpe:2.3:o:netgear:rax45_firmware:::::::: cpe:2.3:h:netgear:rax48:-:::::::* cpe:2.3:o:netgear:rax15_firmware:::::::: cpe:2.3:h:netgear:r7000:-:::::::* cpe:2.3:o:netgear:r6700_firmware:::::::: cpe:2.3:o:netgear:r7900p_firmware:::::::: cpe:2.3:o:netgear:rax38_firmware:::::::: cpe:2.3:h:netgear:rax38:v2:::::::* cpe:2.3:o:netgear:rax48_firmware:::::::: cpe:2.3:h:netgear:rax20:-:::::::* cpe:2.3:h:netgear:rax200:-:::::::* cpe:2.3:h:netgear:r8500:-:::::::* cpe:2.3:h:netgear:rax43:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE	~~CWE-863~~	CWE-697
References	~~(MISC) https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 -~~	(MISC) https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 - Vendor Advisory
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-522/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-522/ - Third Party Advisory, VDB Entry
First Time		Netgear rax200 Netgear r6400 Netgear rax40 Firmware Netgear r6400 Firmware Netgear rax38 Netgear rax42 Netgear rax35 Netgear r7850 Netgear rax40 Netgear rax45 Netgear rax200 Firmware Netgear r6700 Netgear r7900p Netgear r8000 Firmware Netgear r8500 Firmware Netgear rax38 Firmware Netgear r7000 Netgear rax50s Netgear lax20 Firmware Netgear r8000p Firmware Netgear rax20 Netgear rax15 Netgear r8500 Netgear lax20 Netgear rax15 Firmware Netgear r8000p Netgear r7960p Netgear rax50s Firmware Netgear rax35 Firmware Netgear rax48 Firmware Netgear r6700 Firmware Netgear rax20 Firmware Netgear rax43 Netgear r7850 Firmware Netgear rax43 Firmware Netgear rax75 Firmware Netgear rax50 Firmware Netgear r7900p Firmware Netgear r7000 Firmware Netgear rax48 Netgear rax42 Firmware Netgear r8000 Netgear rax75 Netgear rax45 Firmware Netgear Netgear r7960p Firmware Netgear rax50

29 Mar 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-29 19:15

Updated : 2024-11-21 06:56

NVD link : CVE-2022-27645

Mitre link : CVE-2022-27645

CVE.ORG link : CVE-2022-27645

JSON object : View

Products Affected

netgear

rax35_firmware
rax15_firmware
rax40_firmware
r7900p_firmware
r8000p_firmware
rax50_firmware
rax40
rax50s
rax20_firmware
rax75_firmware
rax48_firmware
r6700_firmware
r7850
r8500
rax50
rax42
rax15
rax200_firmware
r6400_firmware
r7000_firmware
rax35
rax43
rax38_firmware
rax75
r7960p
r6700
rax45_firmware
rax42_firmware
lax20_firmware
rax200
rax43_firmware
r6400
r7960p_firmware
r7000
r8500_firmware
rax38
rax45
r8000
r7850_firmware
lax20
rax20
r8000p
r7900p
r8000_firmware
rax48
rax50s_firmware

CWE

CWE-306

Missing Authentication for Critical Function

CWE-697

Incorrect Comparison

8.8 /10