CVE-2022-27644Improper Certificate Validation in Netgear Cbr40 Firmware

CWE-295Improper Certificate Validation3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 65.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
Netgear Cbr40 FirmwareNetgear Lbr1020 FirmwareNetgear Lbr20 Firmware+22 more
Timeline
PublishedMar 29

Description

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary c

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages25 packages

CVEListV5netgear/r6700v31.0.4.120_10.0.91
NVDnetgear/cbr40_firmware< 2.5.0.28
NVDnetgear/lbr20_firmware< 2.7.4.2
NVDnetgear/r6400_firmware< 1.0.4.126
NVDnetgear/r6700_firmware< 1.0.4.126

🔴Vulnerability Details

2
CVEList
CVE-2022-27644: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v2023-03-29
GHSA
GHSA-rvc6-cvq7-4g2q: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v2023-03-29