This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
| Link | Resource |
|---|---|
| https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-22-524/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
Configuration 32 (hide)
| AND |
|
Configuration 33 (hide)
| AND |
|
Configuration 34 (hide)
| AND |
|
History
06 Apr 2023, 15:05
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
| First Time |
Netgear rax80
Netgear rax20 Netgear rax43 Netgear r7000 Netgear rax40 Netgear rax45 Netgear rax50s Firmware Netgear cax80 Netgear r7000p Netgear rax43 Firmware Netgear rax50 Netgear rax38 Firmware Netgear rax42 Firmware Netgear mr60 Netgear r6900p Netgear rax15 Firmware Netgear r7960p Firmware Netgear rax15 Netgear r8000 Firmware Netgear r7900p Firmware Netgear rax80 Firmware Netgear ms80 Firmware Netgear r6400 Netgear r8000 Netgear rs400 Netgear mr80 Netgear rax48 Firmware Netgear mr80 Firmware Netgear r8000p Netgear r7850 Firmware Netgear r7000 Firmware Netgear r7850 Netgear rax75 Netgear rax75 Firmware Netgear cax80 Firmware Netgear rax20 Firmware Netgear rs400 Firmware Netgear rax45 Firmware Netgear r7100lg Netgear r8500 Firmware Netgear r6700 Firmware Netgear rax50 Firmware Netgear rax200 Firmware Netgear r7000p Firmware Netgear rax42 Netgear r6900p Firmware Netgear lax20 Firmware Netgear rax200 Netgear rax35 Firmware Netgear r8500 Netgear r8000p Firmware Netgear r6400 Firmware Netgear r7900p Netgear Netgear rax48 Netgear rax50s Netgear ms80 Netgear rax35 Netgear lax20 Netgear rax38 Netgear mr60 Firmware Netgear r7100lg Firmware Netgear ms60 Firmware Netgear r7960p Netgear rax40 Firmware Netgear ms60 Netgear r6700 |
|
| CPE | cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-524/ - Third Party Advisory, VDB Entry | |
| References | (MISC) https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 - Vendor Advisory |
Information
Published : 2023-03-29 19:15
Updated : 2023-04-06 15:05
NVD link : CVE-2022-27647
Mitre link : CVE-2022-27647
JSON object : View
Products Affected
netgear
- rax200_firmware
- r8500_firmware
- r7100lg_firmware
- ms60_firmware
- rax45
- rs400_firmware
- rax50_firmware
- r7960p
- ms80
- rax43
- lax20
- rax80_firmware
- rax45_firmware
- r7850_firmware
- rax43_firmware
- mr60
- lax20_firmware
- rax75_firmware
- rax48
- r7900p_firmware
- rax40
- rs400
- r7100lg
- r8500
- mr60_firmware
- r6400
- r6400_firmware
- r7000_firmware
- r8000_firmware
- rax20
- rax35
- r8000p_firmware
- rax50s_firmware
- rax35_firmware
- r6700_firmware
- r7000p
- r7850
- r8000p
- rax15
- rax42
- r7960p_firmware
- r8000
- rax80
- rax15_firmware
- rax200
- rax42_firmware
- r6700
- rax50
- mr80_firmware
- r7000p_firmware
- r6900p
- cax80
- cax80_firmware
- ms80_firmware
- r6900p_firmware
- rax38_firmware
- r7000
- mr80
- rax20_firmware
- rax75
- rax48_firmware
- rax38
- rax50s
- ms60
- rax40_firmware
- r7900p
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')