CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zerodayinitiative.com/advisories/ZDI-22-520/	Third Party Advisory VDB Entry
https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*

History

05 Apr 2023, 15:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:o:netgear:rbr10_firmware:::::::: cpe:2.3:o:netgear:r7000_firmware:::::::: cpe:2.3:o:netgear:r6700_firmware:::::::: cpe:2.3:o:netgear:r7850_firmware:::::::: cpe:2.3:o:netgear:r6400_firmware:::::::: cpe:2.3:h:netgear:cbr40:-:::::::* cpe:2.3:o:netgear:rax80_firmware:::::::: cpe:2.3:o:netgear:rax200_firmware:::::::: cpe:2.3:o:netgear:cbr40_firmware:::::::: cpe:2.3:o:netgear:rbr50_firmware:::::::: cpe:2.3:o:netgear:r6900p_firmware:::::::: cpe:2.3:h:netgear:rs400:-:::::::* cpe:2.3:h:netgear:rax80:-:::::::* cpe:2.3:o:netgear:r7960p_firmware:::::::: cpe:2.3:h:netgear:rax75:-:::::::* cpe:2.3:o:netgear:rbs10_firmware:::::::: cpe:2.3:h:netgear:r6900p:-:::::::* cpe:2.3:o:netgear:rs400_firmware:::::::: cpe:2.3:o:netgear:lbr1020_firmware:::::::: cpe:2.3:h:netgear:lbr20:-:::::::* cpe:2.3:o:netgear:rbs40_firmware:::::::: cpe:2.3:h:netgear:r7000p:-:::::::* cpe:2.3:h:netgear:rbr50:-:::::::* cpe:2.3:h:netgear:r8000p:-:::::::* cpe:2.3:o:netgear:lbr20_firmware:::::::: cpe:2.3:h:netgear:rbr40:-:::::::* cpe:2.3:o:netgear:r7000p_firmware:::::::: cpe:2.3:h:netgear:r7850:-:::::::* cpe:2.3:h:netgear:r6700:v3:::::::* cpe:2.3:h:netgear:r7960p:-:::::::* cpe:2.3:h:netgear:rbs20:-:::::::* cpe:2.3:o:netgear:rbs50_firmware:::::::: cpe:2.3:h:netgear:lbr1020:-:::::::* cpe:2.3:h:netgear:rbr20:-:::::::* cpe:2.3:h:netgear:rbs10:-:::::::* cpe:2.3:h:netgear:r6400:v2:::::::* cpe:2.3:o:netgear:rbr40_firmware:::::::: cpe:2.3:h:netgear:rbr10:-:::::::* cpe:2.3:h:netgear:rax200:-:::::::* cpe:2.3:h:netgear:rbs40:-:::::::* cpe:2.3:h:netgear:rbs50:-:::::::* cpe:2.3:h:netgear:r8000:-:::::::* cpe:2.3:o:netgear:rbr20_firmware:::::::: cpe:2.3:o:netgear:rbs20_firmware:::::::: cpe:2.3:o:netgear:r8000_firmware:::::::: cpe:2.3:o:netgear:rax75_firmware:::::::: cpe:2.3:h:netgear:r7000:-:::::::* cpe:2.3:o:netgear:r8000p_firmware::::::::
First Time		Netgear rs400 Firmware Netgear r6700 Firmware Netgear rbr10 Firmware Netgear rax80 Netgear rbs40 Netgear rax200 Firmware Netgear r7000p Firmware Netgear lbr20 Firmware Netgear rbr50 Netgear r7000 Netgear r7000p Netgear r6900p Firmware Netgear lbr20 Netgear rax200 Netgear r8000p Firmware Netgear rbs10 Firmware Netgear rbs50 Firmware Netgear rbr40 Firmware Netgear r6900p Netgear r6400 Firmware Netgear cbr40 Firmware Netgear r7960p Firmware Netgear Netgear rbr20 Firmware Netgear rbs20 Firmware Netgear rbr20 Netgear r8000 Firmware Netgear lbr1020 Netgear rbs20 Netgear rax80 Firmware Netgear rbr10 Netgear rbs50 Netgear r6400 Netgear r8000 Netgear rs400 Netgear r7850 Firmware Netgear r8000p Netgear r7000 Firmware Netgear r7850 Netgear lbr1020 Firmware Netgear cbr40 Netgear rax75 Netgear r7960p Netgear rax75 Firmware Netgear rbs40 Firmware Netgear rbr40 Netgear r6700 Netgear rbs10 Netgear rbr50 Firmware
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-520/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-520/ - Third Party Advisory, VDB Entry
References	~~(MISC) https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 -~~	(MISC) https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324 - Vendor Advisory

Information

Published : 2023-03-29 19:15

Updated : 2023-04-05 15:22

NVD link : CVE-2022-27644

Mitre link : CVE-2022-27644

JSON object : View

Products Affected

netgear

rax200_firmware
cbr40
rbs40_firmware
rs400_firmware
rbs20_firmware
r7960p
rax80_firmware
rbs50
rbr10_firmware
rbr10
r7850_firmware
rbr20
lbr20
rax75_firmware
cbr40_firmware
rbs20
rs400
lbr1020_firmware
r6400
r7000_firmware
r6400_firmware
r8000_firmware
r8000p_firmware
r6700_firmware
r7000p
r7850
r8000p
rbr20_firmware
rbr50
r7960p_firmware
r8000
rax80
rbs50_firmware
rax200
rbs10
r6700
rbr50_firmware
lbr20_firmware
r7000p_firmware
r6900p
rbs10_firmware
r6900p_firmware
rbs40
rbr40
r7000
lbr1020
rax75
rbr40_firmware

CWE

CWE-295

Improper Certificate Validation

8.8 /10