cbcvebase.
CVE-2022-27642
published 2023-03-29

CVE-2022-27642: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers…

high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
netgearcax80_firmware< 2.1.3.72.1.3.7
netgearlax20_firmware< 1.1.6.341.1.6.34
netgearmr60_firmware< 1.1.6.1241.1.6.124
netgearmr80_firmware< 1.1.6.141.1.6.14
netgearms60_firmware< 1.1.6.1241.1.6.124
netgearms80_firmware< 1.1.6.141.1.6.14
netgearr6400_firmware< 1.0.1.781.0.1.78
netgearr6400_firmware< 1.0.4.1261.0.4.126
netgearr6700_firmware< 1.0.4.1261.0.4.126
netgearr6700v3
netgearr6900p_firmware< 1.3.3.1481.3.3.148
netgearr7000_firmware< 1.0.11.1341.0.11.134
netgearr7000p_firmware< 1.3.3.1481.3.3.148
netgearr7100lg_firmware< 1.0.0.761.0.0.76
netgearr7850_firmware< 1.0.5.841.0.5.84
netgearr7900p_firmware< 1.4.3.881.4.3.88
netgearr7960p_firmware< 1.4.3.881.4.3.88
netgearr8000_firmware< 1.0.4.841.0.4.84
netgearr8000p_firmware< 1.4.3.881.4.3.88
netgearr8500_firmware< 1.0.2.1581.0.2.158
netgearrax15_firmware< 1.0.10.1101.0.10.110
netgearrax200_firmware< 1.0.6.1381.0.6.138
netgearrax20_firmware< 1.0.10.1101.0.10.110
netgearrax35_firmware< 1.0.10.1101.0.10.110
netgearrax38_firmware< 1.0.10.1101.0.10.110