cbcvebase.
CVE-2022-27645
published 2023-03-29

CVE-2022-27645: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not…

high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Affected

24 ranges
VendorProductVersion rangeFixed in
netgearlax20_firmware< 1.1.6.341.1.6.34
netgearr6400_firmware< 1.0.4.1261.0.4.126
netgearr6700_firmware< 1.0.4.1261.0.4.126
netgearr6700v3
netgearr7000_firmware< 1.0.11.1341.0.11.134
netgearr7850_firmware< 1.0.5.841.0.5.84
netgearr7900p_firmware< 1.4.3.881.4.3.88
netgearr7960p_firmware< 1.4.3.881.4.3.88
netgearr8000_firmware< 1.0.4.841.0.4.84
netgearr8000p_firmware< 1.4.3.881.4.3.88
netgearr8500_firmware< 1.0.2.1581.0.2.158
netgearrax15_firmware< 1.0.10.1101.0.10.110
netgearrax200_firmware< 1.0.6.1381.0.6.138
netgearrax20_firmware< 1.0.10.1101.0.10.110
netgearrax35_firmware< 1.0.10.1101.0.10.110
netgearrax38_firmware< 1.0.10.1101.0.10.110
netgearrax40_firmware< 1.0.10.1101.0.10.110
netgearrax42_firmware< 1.0.10.1101.0.10.110
netgearrax43_firmware< 1.0.10.1101.0.10.110
netgearrax45_firmware< 1.0.10.1101.0.10.110
netgearrax48_firmware< 1.0.10.1101.0.10.110
netgearrax50_firmware< 1.0.10.1101.0.10.110
netgearrax50s_firmware< 1.0.10.1101.0.10.110
netgearrax75_firmware< 1.0.6.1381.0.6.138