This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
References
| Link | Resource |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-520/ | Third Party Advisory VDB Entry |
| https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
History
05 Apr 2023, 15:22
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Netgear r6400
Netgear rax75 Netgear rax75 Firmware Netgear rbs50 Netgear r7000p Firmware Netgear rbs40 Netgear r7000p Netgear cbr40 Firmware Netgear rax200 Netgear r6900p Netgear rax80 Firmware Netgear r8000p Netgear rbs50 Firmware Netgear rbs20 Netgear r8000 Firmware Netgear r7850 Firmware Netgear lbr1020 Netgear r6700 Netgear rbr10 Firmware Netgear cbr40 Netgear rbr40 Netgear rs400 Netgear r7960p Netgear rbr20 Netgear rbr20 Firmware Netgear Netgear rbs10 Netgear r6900p Firmware Netgear rax80 Netgear rax200 Firmware Netgear rs400 Firmware Netgear rbs20 Firmware Netgear r8000p Firmware Netgear rbr40 Firmware Netgear rbr50 Netgear lbr1020 Firmware Netgear r7850 Netgear lbr20 Firmware Netgear r7000 Netgear r8000 Netgear r6400 Firmware Netgear rbs40 Firmware Netgear rbs10 Firmware Netgear rbr10 Netgear r6700 Firmware Netgear rbr50 Firmware Netgear r7960p Firmware Netgear lbr20 Netgear r7000 Firmware |
|
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-520/ - Third Party Advisory, VDB Entry | |
| References | (MISC) https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 Mar 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-29 19:15
Updated : 2023-04-05 15:22
NVD link : CVE-2022-27644
Mitre link : CVE-2022-27644
CVE.ORG link : CVE-2022-27644
JSON object : View
Products Affected
netgear
- r6700
- lbr20
- rs400_firmware
- rax200_firmware
- r8000_firmware
- r7960p
- rbs50_firmware
- r8000p
- r8000
- rax80
- rs400
- rbs20
- lbr1020
- rax200
- r6900p_firmware
- r8000p_firmware
- r7960p_firmware
- r6700_firmware
- cbr40_firmware
- rbr20
- rbs20_firmware
- r7850_firmware
- rbs10_firmware
- r7000
- r6400
- r7850
- rax75
- r7000p
- lbr1020_firmware
- rbr40_firmware
- rbs50
- rbs40
- r6400_firmware
- lbr20_firmware
- rbr50_firmware
- r6900p
- rbs40_firmware
- rbs10
- rax75_firmware
- r7000_firmware
- cbr40
- rbr40
- rbr20_firmware
- rax80_firmware
- r7000p_firmware
- rbr10_firmware
- rbr10
- rbr50
CWE
CWE-295
Improper Certificate Validation