{"id": "CVE-2022-27644", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-03-29T19:15:08.563", "references": [{"url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324", "tags": ["Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797."}], "lastModified": "2023-04-05T15:22:23.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780", "versionEndExcluding": "1.0.4.126"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1", "versionEndExcluding": "1.0.4.126"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5", "versionEndExcluding": "1.3.3.148"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A", "versionEndExcluding": "1.0.11.134"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", "versionEndExcluding": "1.3.3.148"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0", "versionEndExcluding": "1.0.5.84"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", "versionEndExcluding": "1.4.3.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99", "versionEndExcluding": "1.0.4.84"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E", "versionEndExcluding": "1.4.3.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F", "versionEndExcluding": "1.0.6.138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E", "versionEndExcluding": "1.0.6.138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD", "versionEndExcluding": "1.0.6.138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", "versionEndExcluding": "1.5.1.86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C1671BC-AB3B-493F-81F6-C38D1489BF9C", "versionEndExcluding": "2.5.0.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03942539-865D-4920-8C59-D211C6A5E97C", "versionEndExcluding": "2.7.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22C90106-692A-4574-907A-86B7BA743AEF", "versionEndExcluding": "2.7.4.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008227D9-B549-48EB-BEE5-492461CD3654", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C119E51F-AC11-48F9-85AA-29255E64F8DC", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35792D02-E5E4-41D1-9AB8-C595015A6608", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26315AA3-35C7-415F-B12E-D0081DCA5A52", "versionEndExcluding": "2.7.4.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}