Buffer Overflow Vulnerability in NETGEAR Routers
CVE-2022-27643

8.8HIGH

Key Information:

Vendor

Netgear
Status
R6700v3
Vendor
CVE Published:
29 March 2023

What is CVE-2022-27643?

A vulnerability exists in the NETGEAR R6700v3 router allowing network-adjacent attackers to execute arbitrary code without authentication. The flaw arises from improper validation of the length of user-supplied data in SOAP requests, particularly when parsing the SOAPAction header. This could enable an attacker to manipulate memory structures and execute malicious code with root privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

R6700v3 1.0.4.120_10.0.91

References

https://www.zerodayinitiative.com/advisories/ZDI-22-519/
https://kb.netgear.com/000064720/Security-Advisory-for-Pr...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Stephen Fewer of Relyze Software Limited (www.relyze.com)
JSON
.