CVE-2022-27645

{"id": "CVE-2022-27645", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-03-29T19:15:08.637", "references": [{"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", "tags": ["Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."}], "lastModified": "2024-11-21T06:56:05.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", "versionEndExcluding": "1.1.6.34"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780", "versionEndExcluding": "1.0.4.126"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1", "versionEndExcluding": "1.0.4.126"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A", "versionEndExcluding": "1.0.11.134"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0", "versionEndExcluding": "1.0.5.84"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", "versionEndExcluding": "1.4.3.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", "versionEndExcluding": "1.4.3.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99", "versionEndExcluding": "1.0.4.84"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E", "versionEndExcluding": "1.4.3.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", "versionEndExcluding": "1.0.2.158"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F", "versionEndExcluding": "1.0.6.138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", "versionEndExcluding": "1.0.10.110"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E", "versionEndExcluding": "1.0.6.138"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}