CVE-2022-27641

8.8HIGH

Key Information

Vendor: Netgear
Status: R6700v3
Vendor: CVE Published:; 29 March 2023

Summary

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

Affected Version(s)

R6700v3 = 1.0.4.120_10.0.91

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 29, 2023
Vulnerability Reserved.
Mar 22, 2022

Collectors

NVD DatabaseMitre Database

Credit

trichimtrich and nyancat0131