Sign-up

ID

VAR-202203-1669


CVE

CVE-2022-27645


TITLE

Vulnerability related to lack of authentication for important functions in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022071

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. LAX20 firmware, R6400 firmware, R6700 Multiple NETGEAR products, such as firmware, have vulnerabilities related to lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from incorrect string matching logic when accessing protected pages

Trust: 2.34

sources: NVD: CVE-2022-27645 // JVNDB: JVNDB-2022-022071 // ZDI: ZDI-22-522 // VULMON: CVE-2022-27645

AFFECTED PRODUCTS

vendor:netgearmodel:lax20scope:ltversion:1.1.6.34

Trust: 1.0

vendor:netgearmodel:r6700scope:ltversion:1.0.4.126

Trust: 1.0

vendor:netgearmodel:rax42scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:r6400scope:ltversion:1.0.4.126

Trust: 1.0

vendor:netgearmodel:rax50sscope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:rax48scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:r7960pscope:ltversion:1.4.3.88

Trust: 1.0

vendor:netgearmodel:r8000pscope:ltversion:1.4.3.88

Trust: 1.0

vendor:netgearmodel:rax75scope:ltversion:1.0.6.138

Trust: 1.0

vendor:netgearmodel:rax40scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:r7850scope:ltversion:1.0.5.84

Trust: 1.0

vendor:netgearmodel:r8500scope:ltversion:1.0.2.158

Trust: 1.0

vendor:netgearmodel:rax20scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:rax38scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:r7000scope:ltversion:1.0.11.134

Trust: 1.0

vendor:netgearmodel:r7900pscope:ltversion:1.4.3.88

Trust: 1.0

vendor:netgearmodel:rax43scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:r8000scope:ltversion:1.0.4.84

Trust: 1.0

vendor:netgearmodel:rax50scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:rax15scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:rax200scope:ltversion:1.0.6.138

Trust: 1.0

vendor:netgearmodel:rax35scope:ltversion:1.0.10.110

Trust: 1.0

vendor:netgearmodel:rax45scope:ltversion:1.0.10.110

Trust: 1.0

vendor:ネットギアmodel:rax48scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r8500scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax35scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax38scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6400scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax20scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r8000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax200scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7900pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r8000pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax45scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax43scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7960pscope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r6700scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax42scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax15scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:lax20scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rax40scope: - version: -

Trust: 0.8

vendor:netgearmodel:r6700v3scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-522 // JVNDB: JVNDB-2022-022071 // NVD: CVE-2022-27645

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2022-27645
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-27645
value: HIGH

Trust: 1.0

NVD: CVE-2022-27645
value: HIGH

Trust: 0.8

ZDI: CVE-2022-27645
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202203-2062
value: HIGH

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2022-27645
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2022-27645
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2022-27645
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-522 // JVNDB: JVNDB-2022-022071 // CNNVD: CNNVD-202203-2062 // NVD: CVE-2022-27645 // NVD: CVE-2022-27645

PROBLEMTYPE DATA

problemtype:CWE-697

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022071 // NVD: CVE-2022-27645

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2062

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202203-2062

PATCH

title:NETGEAR has issued an update to correct this vulnerability.url:https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325

Trust: 0.7

title:NETGEAR R6700v3 Fixes for access control error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=235321

Trust: 0.6

sources: ZDI: ZDI-22-522 // CNNVD: CNNVD-202203-2062

EXTERNAL IDS

db:NVDid:CVE-2022-27645

Trust: 4.0

db:ZDIid:ZDI-22-522

Trust: 3.2

db:JVNDBid:JVNDB-2022-022071

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-15762

Trust: 0.7

db:CS-HELPid:SB2022032410

Trust: 0.6

db:CNNVDid:CNNVD-202203-2062

Trust: 0.6

db:VULMONid:CVE-2022-27645

Trust: 0.1

sources: ZDI: ZDI-22-522 // VULMON: CVE-2022-27645 // JVNDB: JVNDB-2022-022071 // CNNVD: CNNVD-202203-2062 // NVD: CVE-2022-27645

REFERENCES

url:https://kb.netgear.com/000064722/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-fixed-wireless-products-psv-2021-0325

Trust: 3.2

url:https://www.zerodayinitiative.com/advisories/zdi-22-522/

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27645

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27645/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032410

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-22-522 // VULMON: CVE-2022-27645 // JVNDB: JVNDB-2022-022071 // CNNVD: CNNVD-202203-2062 // NVD: CVE-2022-27645

CREDITS

Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)

Trust: 0.7

sources: ZDI: ZDI-22-522

SOURCES

db:ZDIid:ZDI-22-522
db:VULMONid:CVE-2022-27645
db:JVNDBid:JVNDB-2022-022071
db:CNNVDid:CNNVD-202203-2062
db:NVDid:CVE-2022-27645

LAST UPDATE DATE

2024-08-14T13:42:56.044000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-522date:2022-03-23T00:00:00
db:VULMONid:CVE-2022-27645date:2023-03-30T00:00:00
db:JVNDBid:JVNDB-2022-022071date:2023-11-15T03:22:00
db:CNNVDid:CNNVD-202203-2062date:2023-05-04T00:00:00
db:NVDid:CVE-2022-27645date:2023-04-28T21:15:08.350

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-522date:2022-03-23T00:00:00
db:VULMONid:CVE-2022-27645date:2023-03-29T00:00:00
db:JVNDBid:JVNDB-2022-022071date:2023-11-15T00:00:00
db:CNNVDid:CNNVD-202203-2062date:2022-03-23T00:00:00
db:NVDid:CVE-2022-27645date:2023-03-29T19:15:08.637