CVE-2022-27645

CVSS V2 None CVSS V3 None

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Overview

CVE ID
CVE-2022-27645

Assigner
zdi-disclosures@trendmicro.com

Vulnerability Status
Analyzed

Published Version
2023-03-29T19:15:08

Last Modified Date
2023-04-06T17:55:14

Weakness Enumerations

CWE	URL
CWE-697	http://cwe.mitre.org/data/definitions/697.html
CWE-863	http://cwe.mitre.org/data/definitions/863.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:netgear:lax20_firmware::::::::	1	OR	1.1.6.34
cpe:2.3:h:netgear:lax20:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r6400_firmware::::::::	1	OR	1.0.4.126
cpe:2.3:h:netgear:r6400:v2:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r6700_firmware::::::::	1	OR	1.0.4.126
cpe:2.3:h:netgear:r6700:v3:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7000_firmware::::::::	1	OR	1.0.11.134
cpe:2.3:h:netgear:r7000:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7850_firmware::::::::	1	OR	1.0.5.84
cpe:2.3:h:netgear:r7850:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7900p_firmware::::::::	1	OR	1.4.3.88
cpe:2.3:h:netgear:r7900p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7960p_firmware::::::::	1	OR	1.4.3.88
cpe:2.3:h:netgear:r7960p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r8000_firmware::::::::	1	OR	1.0.4.84
cpe:2.3:h:netgear:r8000:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r8000p_firmware::::::::	1	OR	1.4.3.88
cpe:2.3:h:netgear:r8000p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r8500_firmware::::::::	1	OR	1.0.2.158
cpe:2.3:h:netgear:r8500:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax15_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax15:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax20_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax20:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax200_firmware::::::::	1	OR	1.0.6.138
cpe:2.3:h:netgear:rax200:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax35_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax35:v2:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax38_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax38:v2:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax40_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax40:v2:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax42_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax42:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax43_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax43:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax45_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax45:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax48_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax48:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax50_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax50:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax50s_firmware::::::::	1	OR	1.0.10.110
cpe:2.3:h:netgear:rax50s:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax75_firmware::::::::	1	OR	1.0.6.138
cpe:2.3:h:netgear:rax75:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/	Third Party Advisory VDB Entry

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-27645
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27645

History

Created	Data Type	Notes
2023-04-17 03:46:39		Added to TrackCVE
2023-04-17 03:46:41	Weakness Enumeration	new
2023-04-17 05:04:35	CVSS V3 information	new