Buffer Overflow Flaw in NETGEAR Routers
CVE-2022-27641

8.8HIGH

Key Information:

Vendor

Netgear
Status
R6700v3
Vendor
CVE Published:
29 March 2023

What is CVE-2022-27641?

The vulnerability in the NETGEAR R6700v3 router's NetUSB module poses a significant risk by allowing network-adjacent attackers to execute arbitrary code. This flaw arises from inadequate validation of user-supplied data, leading to an integer overflow that can occur before the allocation of a buffer. The lack of required authentication makes it particularly dangerous, enabling exploitation by attackers to run code with root-level privileges on the router.

Affected Version(s)

R6700v3 1.0.4.120_10.0.91

References

https://kb.netgear.com/000064437/Security-Advisory-for-Pr...
https://www.zerodayinitiative.com/advisories/ZDI-22-544/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

trichimtrich and nyancat0131
JSON
.