ID

VAR-202203-1571


CVE

CVE-2022-27641


TITLE

Integer overflow vulnerability in multiple Netgear products

Trust: 0.8

sources: JVNDB: JVNDB-2022-021803

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806. Multiple Netgear products, including D7800 firmware, EX6200 firmware, and EX8000 firmware, contain an integer overflow vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.

Trust: 2.34

sources: NVD: CVE-2022-27641 // JVNDB: JVNDB-2022-021803 // ZDI: ZDI-22-544 // VULMON: CVE-2022-27641

AFFECTED PRODUCTS

vendor: netgear model: ex6200 scope: lt version: 1.0.1.90

Trust: 1.0

vendor: netgear model: r7000 scope: lt version: 1.0.11.130

Trust: 1.0

vendor: netgear model: d7800 scope: lt version: 1.0.1.68

Trust: 1.0

vendor: netgear model: r6230 scope: lt version: 1.1.0.112

Trust: 1.0

vendor: netgear model: r6220 scope: lt version: 1.1.0.112

Trust: 1.0

vendor: netgear model: r6700 scope: lt version: 1.0.4.122

Trust: 1.0

vendor: netgear model: ex8000 scope: lt version: 1.0.1.240

Trust: 1.0

vendor: netgear model: r6400 scope: lt version: 1.0.4.122

Trust: 1.0

vendor: netgear model: r7800 scope: lt version: 1.0.2.90

Trust: 1.0

vendor: ネットギア model: r6230 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r6220 scope: - version: -

Trust: 0.8

vendor: ネットギア model: ex8000 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r7800 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r6700 scope: - version: -

Trust: 0.8

vendor: ネットギア model: d7800 scope: - version: -

Trust: 0.8

vendor: ネットギア model: ex6200 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r6400 scope: - version: -

Trust: 0.8

vendor: ネットギア model: r7000 scope: - version: -

Trust: 0.8

vendor: netgear model: r6700v3 scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-544 // JVNDB: JVNDB-2022-021803 // NVD: CVE-2022-27641

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2022-27641
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-27641
value: HIGH

Trust: 1.0

NVD: CVE-2022-27641
value: HIGH

Trust: 0.8

ZDI: CVE-2022-27641
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202203-2477
value: HIGH

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2022-27641
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2022-27641
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2022-27641
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-544 // JVNDB: JVNDB-2022-021803 // CNNVD: CNNVD-202203-2477 // NVD: CVE-2022-27641 // NVD: CVE-2022-27641

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-021803 // NVD: CVE-2022-27641

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2477

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-2477

PATCH

title: NETGEAR has issued an update to correct this vulnerability. url: https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278

Trust: 0.7

title: NETGEAR R6700 Enter the fix for the verification error vulnerability url: http://123.124.177.30/web/xxk/bdxqById.tag?id=231219

Trust: 0.6

sources: ZDI: ZDI-22-544 // CNNVD: CNNVD-202203-2477

EXTERNAL IDS

db: NVD id: CVE-2022-27641

Trust: 4.0

db: ZDI id: ZDI-22-544

Trust: 3.2

db: JVNDB id: JVNDB-2022-021803

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-15806

Trust: 0.7

db: CNNVD id: CNNVD-202203-2477

Trust: 0.6

db: VULMON id: CVE-2022-27641

Trust: 0.1

sources: ZDI: ZDI-22-544 // VULMON: CVE-2022-27641 // JVNDB: JVNDB-2022-021803 // CNNVD: CNNVD-202203-2477 // NVD: CVE-2022-27641

REFERENCES

url:https://kb.netgear.com/000064437/security-advisory-for-pre-authentication-buffer-overflow-on-multiple-products-psv-2021-0278

Trust: 3.2

url:https://www.zerodayinitiative.com/advisories/zdi-22-544/

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27641

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27641/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-22-544 // VULMON: CVE-2022-27641 // JVNDB: JVNDB-2022-021803 // CNNVD: CNNVD-202203-2477 // NVD: CVE-2022-27641

CREDITS

trichimtrich and nyancat0131

Trust: 1.3

sources: ZDI: ZDI-22-544 // CNNVD: CNNVD-202203-2477

SOURCES

db: ZDI id: ZDI-22-544
db: VULMON id: CVE-2022-27641
db: JVNDB id: JVNDB-2022-021803
db: CNNVD id: CNNVD-202203-2477
db: NVD id: CVE-2022-27641

LAST UPDATE DATE

2024-08-14T15:32:47.210000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-22-544 date: 2022-03-29T00:00:00
db: VULMON id: CVE-2022-27641 date: 2023-03-30T00:00:00
db: JVNDB id: JVNDB-2022-021803 date: 2023-11-14T04:24:00
db: CNNVD id: CNNVD-202203-2477 date: 2023-04-06T00:00:00
db: NVD id: CVE-2022-27641 date: 2023-04-05T15:42:17.153

SOURCES RELEASE DATE

db: ZDI id: ZDI-22-544 date: 2022-03-29T00:00:00
db: VULMON id: CVE-2022-27641 date: 2023-03-29T00:00:00
db: JVNDB id: JVNDB-2022-021803 date: 2023-11-14T00:00:00
db: CNNVD id: CNNVD-202203-2477 date: 2022-03-29T00:00:00
db: NVD id: CVE-2022-27641 date: 2023-03-29T19:15:08.327