CVE-2022-27645

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-27645
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*
History

28 Apr 2023, 21:15

Type Values Removed Values Added
CWE CWE-697 CWE-306
Summary This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

06 Apr 2023, 17:55

Type Values Removed Values Added
CWE CWE-863 CWE-697
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-522/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-522/ - Third Party Advisory, VDB Entry
References (MISC) https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 - (MISC) https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325 - Vendor Advisory
First Time Netgear lax20 Firmware
Netgear rax75
Netgear rax15
Netgear rax75 Firmware
Netgear rax50s Firmware
Netgear rax43 Firmware
Netgear r6400
Netgear rax35 Firmware
Netgear lax20
Netgear rax200
Netgear r8000p
Netgear rax50 Firmware
Netgear r8000 Firmware
Netgear r7850 Firmware
Netgear r6700
Netgear rax20
Netgear rax38 Firmware
Netgear rax42
Netgear r7960p
Netgear
Netgear rax15 Firmware
Netgear rax48 Firmware
Netgear rax45 Firmware
Netgear r8500 Firmware
Netgear rax200 Firmware
Netgear r8000p Firmware
Netgear rax40
Netgear r8500
Netgear r7000
Netgear rax48
Netgear r7850
Netgear rax38
Netgear rax35
Netgear r8000
Netgear r7900p
Netgear r6400 Firmware
Netgear rax50
Netgear rax45
Netgear rax50s
Netgear rax40 Firmware
Netgear rax20 Firmware
Netgear r7900p Firmware
Netgear rax43
Netgear rax42 Firmware
Netgear r6700 Firmware
Netgear r7960p Firmware
Netgear r7000 Firmware
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*
cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

29 Mar 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-29 19:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-27645

Mitre link : CVE-2022-27645

CVE.ORG link : CVE-2022-27645

JSON object : View

Products Affected

netgear

  • r8000_firmware
  • rax38
  • rax38_firmware
  • rax42_firmware
  • lax20
  • rax15_firmware
  • r8500_firmware
  • rax45
  • r8000
  • rax75_firmware
  • rax43_firmware
  • r7900p_firmware
  • rax20
  • r8000p
  • rax48
  • rax50
  • rax43
  • rax200
  • rax75
  • rax200_firmware
  • rax50_firmware
  • r6400
  • r7900p
  • lax20_firmware
  • r6400_firmware
  • r7850
  • rax15
  • rax42
  • rax48_firmware
  • r8000p_firmware
  • r7960p_firmware
  • rax35
  • r6700
  • rax20_firmware
  • rax35_firmware
  • rax40
  • r7960p
  • r6700_firmware
  • rax40_firmware
  • r7850_firmware
  • rax50s_firmware
  • r8500
  • rax50s
  • rax45_firmware
  • r7000
  • r7000_firmware
CWE
CWE-306

Missing Authentication for Critical Function

CWE-697

Incorrect Comparison