CVE-2022-27646
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
29/03/2023
Last modified:
06/04/2023
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* | 1.0.4.126 (excluding) | |
| cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* | 1.0.4.126 (excluding) | |
| cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* | 1.3.3.148 (excluding) | |
| cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* | 1.0.11.134 (excluding) | |
| cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* | 1.3.3.148 (excluding) | |
| cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:* | 1.0.5.84 (excluding) | |
| cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* | 1.4.3.88 (excluding) | |
| cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* | 1.0.4.84 (excluding) |
To consult the complete list of CPE names with products and versions, see this page