Buffer Overflow Flaw in NETGEAR Routers
CVE-2022-27641

8.8HIGH

Key Information:

Vendor: Netgear
Status: R6700v3
Vendor: CVE Published:; 29 March 2023

Summary

The vulnerability in the NETGEAR R6700v3 router's NetUSB module poses a significant risk by allowing network-adjacent attackers to execute arbitrary code. This flaw arises from inadequate validation of user-supplied data, leading to an integer overflow that can occur before the allocation of a buffer. The lack of required authentication makes it particularly dangerous, enabling exploitation by attackers to run code with root-level privileges on the router.

Affected Version(s)

R6700v3 1.0.4.120_10.0.91

References

https://kb.netgear.com/000064437/Security-Advisory-for-Pr...

https://www.zerodayinitiative.com/advisories/ZDI-22-544/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2023
Vulnerability Reserved
Mar 22, 2022

Credit

trichimtrich and nyancat0131