Details of VAR-202203-1668

ID

VAR-202203-1668

CVE

CVE-2022-27642

TITLE

Incorrect authentication vulnerability in multiple Netgear products

Trust: 0.8

sources: JVNDB: JVNDB-2022-021793

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. cax80 firmware, LAX20 firmware, MR60 Multiple Netgear products, including firmware, contain vulnerabilities related to unauthorized authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.34

sources: NVD: CVE-2022-27642 // JVNDB: JVNDB-2022-021793 // ZDI: ZDI-22-518 // VULMON: CVE-2022-27642

AFFECTED PRODUCTS

vendor:	netgear	model:	lax20	scope:	lt	version:	1.1.6.34	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	rax42	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	rax50s	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax48	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	mr80	scope:	lt	version:	1.1.6.14	Trust: 1.0
vendor:	netgear	model:	ms80	scope:	lt	version:	1.1.6.14	Trust: 1.0
vendor:	netgear	model:	mr60	scope:	lt	version:	1.1.6.124	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	r7850	scope:	lt	version:	1.0.5.84	Trust: 1.0
vendor:	netgear	model:	rax40	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.1.86	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rax20	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	ms60	scope:	lt	version:	1.1.6.124	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rax38	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.134	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rax43	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	cax80	scope:	lt	version:	2.1.3.7	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.84	Trust: 1.0
vendor:	netgear	model:	rax50	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax15	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	rax35	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax45	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	ネットギア	model:	r7960p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax15	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000p	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r6700v3	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-518 // JVNDB: JVNDB-2022-021793 // NVD: CVE-2022-27642

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2022-27642
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-27642
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-27642
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-27642
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-202203-2054
value:	HIGH
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-27642
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2022-27642
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27642
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-27642
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-518 // JVNDB: JVNDB-2022-021793 // CNNVD: CNNVD-202203-2054 // NVD: CVE-2022-27642 // NVD: CVE-2022-27642

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-021793 // NVD: CVE-2022-27642

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2054

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202203-2054

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327	Trust: 0.7
title:	NETGEAR R6700v3 Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=232028	Trust: 0.6

sources: ZDI: ZDI-22-518 // CNNVD: CNNVD-202203-2054

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27642	Trust: 4.0
db:	ZDI	id:	ZDI-22-518	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-021793	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15854	Trust: 0.7
db:	CS-HELP	id:	SB2022032410	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-2054	Trust: 0.6
db:	VULMON	id:	CVE-2022-27642	Trust: 0.1

sources: ZDI: ZDI-22-518 // VULMON: CVE-2022-27642 // JVNDB: JVNDB-2022-021793 // CNNVD: CNNVD-202203-2054 // NVD: CVE-2022-27642

REFERENCES

url:	https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327	Trust: 3.2
url:	https://www.zerodayinitiative.com/advisories/zdi-22-518/	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27642	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27642/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032410	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-518 // VULMON: CVE-2022-27642 // JVNDB: JVNDB-2022-021793 // CNNVD: CNNVD-202203-2054 // NVD: CVE-2022-27642

CREDITS

Bugscale team

Trust: 1.3

sources: ZDI: ZDI-22-518 // CNNVD: CNNVD-202203-2054

SOURCES

db:	ZDI	id:	ZDI-22-518
db:	VULMON	id:	CVE-2022-27642
db:	JVNDB	id:	JVNDB-2022-021793
db:	CNNVD	id:	CNNVD-202203-2054
db:	NVD	id:	CVE-2022-27642

LAST UPDATE DATE

2024-08-14T13:42:55.887000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-518	date:	2022-03-23T00:00:00
db:	VULMON	id:	CVE-2022-27642	date:	2023-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-021793	date:	2023-11-14T04:15:00
db:	CNNVD	id:	CNNVD-202203-2054	date:	2023-04-06T00:00:00
db:	NVD	id:	CVE-2022-27642	date:	2023-04-05T14:53:25.610

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-518	date:	2022-03-23T00:00:00
db:	VULMON	id:	CVE-2022-27642	date:	2023-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-021793	date:	2023-11-14T00:00:00
db:	CNNVD	id:	CNNVD-202203-2054	date:	2022-03-23T00:00:00
db:	NVD	id:	CVE-2022-27642	date:	2023-03-29T19:15:08.407