CVE-2022-27645

8.8HIGH

Key Information

Vendor
Netgear
Status
R6700v3
Vendor
CVE Published:
29 March 2023

Summary

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Affected Version(s)

R6700v3 = 1.0.4.120_10.0.91

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)
.