{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27645", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "dateUpdated": "2024-08-03T05:32:59.899Z", "dateReserved": "2022-03-22T00:00:00", "datePublished": "2023-03-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2023-04-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."}], "affected": [{"vendor": "NETGEAR", "product": "R6700v3", "versions": [{"version": "1.0.4.120_10.0.91", "status": "affected"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"}, {"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"}], "credits": [{"lang": "en", "value": "Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "cweId": "CWE-306"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.899Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", "tags": ["x_transferred"]}, {"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", "versionEndExcluding": "1.1.6.34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780", "versionEndExcluding": "1.0.4.126", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1", "versionEndExcluding": "1.0.4.126", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A", "versionEndExcluding": "1.0.11.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0", "versionEndExcluding": "1.0.5.84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99", "versionEndExcluding": "1.0.4.84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", "versionEndExcluding": "1.0.2.158", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F", "versionEndExcluding": "1.0.6.138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E", "versionEndExcluding": "1.0.6.138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."}], "id": "CVE-2022-27645", "lastModified": "2023-04-28T21:15:08.350", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-29T19:15:08.637", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}