CVE-2022-27646

CVSS V2 None CVSS V3 None

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Overview

CVE ID
CVE-2022-27646

Assigner
zdi-disclosures@trendmicro.com

Vulnerability Status
Analyzed

Published Version
2023-03-29T19:15:08

Last Modified Date
2023-04-06T17:43:22

Weakness Enumerations

CWE	URL
CWE-121	http://cwe.mitre.org/data/definitions/121.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:netgear:r6400_firmware::::::::	1	OR	1.0.4.126
cpe:2.3:h:netgear:r6400:v2:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r6700_firmware::::::::	1	OR	1.0.4.126
cpe:2.3:h:netgear:r6700:v3:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r6900p_firmware::::::::	1	OR	1.3.3.148
cpe:2.3:h:netgear:r6900p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7000_firmware::::::::	1	OR	1.0.11.134
cpe:2.3:h:netgear:r7000:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7000p_firmware::::::::	1	OR	1.3.3.148
cpe:2.3:h:netgear:r7000p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7850_firmware::::::::	1	OR	1.0.5.84
cpe:2.3:h:netgear:r7850:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r7960p_firmware::::::::	1	OR	1.4.3.88
cpe:2.3:h:netgear:r7960p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r8000_firmware::::::::	1	OR	1.0.4.84
cpe:2.3:h:netgear:r8000:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:r8000p_firmware::::::::	1	OR	1.4.3.88
cpe:2.3:h:netgear:r8000p:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax200_firmware::::::::	1	OR	1.0.6.138
cpe:2.3:h:netgear:rax200:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax75_firmware::::::::	1	OR	1.0.6.138
cpe:2.3:h:netgear:rax75:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rax80_firmware::::::::	1	OR	1.0.6.138
cpe:2.3:h:netgear:rax80:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rs400_firmware::::::::	1	OR	1.5.1.86
cpe:2.3:h:netgear:rs400:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:cbr40_firmware::::::::	1	OR	2.5.0.28
cpe:2.3:h:netgear:cbr40:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:lbr1020_firmware::::::::	1	OR	2.7.4.2
cpe:2.3:h:netgear:lbr1020:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:lbr20_firmware::::::::	1	OR	2.7.4.2
cpe:2.3:h:netgear:lbr20:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbr10_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbr10:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbr20_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbr20:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbr40_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbr40:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbr50_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbr50:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbs10_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbs10:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbs20_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbs20:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbs40_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbs40:-:::::::*	0	OR
		AND
cpe:2.3:o:netgear:rbs50_firmware::::::::	1	OR	2.7.4.24
cpe:2.3:h:netgear:rbs50:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-523/	Third Party Advisory VDB Entry

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-27646
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27646

History

Created	Data Type	Notes
2023-04-17 03:46:39		Added to TrackCVE
2023-04-17 03:46:41	Weakness Enumeration	new
2023-04-17 05:04:35	CVSS V3 information	new