This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
| Link | Resource |
|---|---|
| https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-518/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
Configuration 32 (hide)
| AND |
|
Configuration 33 (hide)
| AND |
|
Configuration 34 (hide)
| AND |
|
History
05 Apr 2023, 14:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Netgear r6400
Netgear rax75 Firmware Netgear rax15 Netgear rax50s Firmware Netgear r7000p Firmware Netgear lax20 Netgear r7000p Netgear r6900p Netgear r8000p Netgear rax50 Firmware Netgear rax20 Netgear rax38 Firmware Netgear mr80 Netgear rs400 Netgear r7960p Netgear mr80 Firmware Netgear r6900p Firmware Netgear rax15 Firmware Netgear rax48 Firmware Netgear rax45 Firmware Netgear rax200 Firmware Netgear rs400 Firmware Netgear rax48 Netgear rax38 Netgear r7000 Netgear cax80 Firmware Netgear r7900p Netgear rax50s Netgear rax40 Firmware Netgear rax43 Netgear r6700 Firmware Netgear ms80 Firmware Netgear mr60 Netgear lax20 Firmware Netgear rax75 Netgear rax43 Firmware Netgear rax35 Firmware Netgear rax200 Netgear ms60 Netgear rax80 Firmware Netgear r8000 Firmware Netgear r7850 Firmware Netgear r6700 Netgear r7100lg Firmware Netgear rax42 Netgear r7100lg Netgear Netgear rax80 Netgear r8500 Firmware Netgear r8000p Firmware Netgear cax80 Netgear rax40 Netgear r8500 Netgear r7850 Netgear ms60 Firmware Netgear rax35 Netgear r8000 Netgear r6400 Firmware Netgear rax50 Netgear ms80 Netgear rax45 Netgear rax20 Firmware Netgear r7900p Firmware Netgear mr60 Firmware Netgear rax42 Firmware Netgear r7960p Firmware Netgear r7000 Firmware |
|
| References | (MISC) https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 - Vendor Advisory | |
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-518/ - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 Mar 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-29 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-27642
Mitre link : CVE-2022-27642
CVE.ORG link : CVE-2022-27642
JSON object : View
Products Affected
netgear
- rax40
- rax75_firmware
- r7960p_firmware
- rax35_firmware
- r7100lg
- rax50s
- rax15_firmware
- r8500_firmware
- rax42
- r7000p_firmware
- mr60
- r7000
- r8000p
- r8500
- r6400
- r7000p
- r6900p_firmware
- rax48
- mr80
- ms60
- rax43
- rax48_firmware
- rax50_firmware
- rax50
- rax200_firmware
- r8000p_firmware
- cax80
- mr60_firmware
- ms60_firmware
- rax75
- r6700
- rax80_firmware
- lax20
- r8000_firmware
- rax45_firmware
- rs400
- r7900p_firmware
- r6400_firmware
- rs400_firmware
- r7900p
- rax20_firmware
- r7850_firmware
- r7960p
- r7850
- rax20
- rax40_firmware
- rax42_firmware
- ms80
- ms80_firmware
- rax200
- r8000
- rax15
- rax45
- rax80
- rax35
- r7100lg_firmware
- rax43_firmware
- rax50s_firmware
- rax38_firmware
- lax20_firmware
- r6900p
- r6700_firmware
- cax80_firmware
- rax38
- r7000_firmware
- mr80_firmware
CWE
CWE-863
Incorrect Authorization