CVE-2022-27645

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-27645
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-03-29 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2022-27645

Mitre link : CVE-2022-27645

CVE.ORG link : CVE-2022-27645

JSON object : View

Products Affected

netgear

  • r8500_firmware
  • rax35_firmware
  • r6700
  • r7850_firmware
  • rax50s
  • rax45
  • rax40
  • rax75
  • r8000p
  • lax20_firmware
  • rax20
  • rax50
  • r7960p_firmware
  • rax35
  • rax43
  • r7900p_firmware
  • r8500
  • rax42_firmware
  • rax200_firmware
  • rax20_firmware
  • rax50s_firmware
  • r6400_firmware
  • r8000
  • rax200
  • rax15
  • r7960p
  • r8000p_firmware
  • r7000_firmware
  • r6700_firmware
  • r7850
  • rax43_firmware
  • rax48
  • r6400
  • rax38_firmware
  • rax15_firmware
  • rax45_firmware
  • rax75_firmware
  • rax38
  • r7000
  • r7900p
  • rax40_firmware
  • lax20
  • rax50_firmware
  • rax42
  • rax48_firmware
  • r8000_firmware
CWE
CWE-306

Missing Authentication for Critical Function

CWE-697

Incorrect Comparison