Details of VAR-202203-1671

ID

VAR-202203-1671

CVE

CVE-2022-27647

TITLE

in multiple NETGEAR products. OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-022073

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. cax80 firmware, LAX20 firmware, MR60 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.34

sources: NVD: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // ZDI: ZDI-22-524 // VULMON: CVE-2022-27647

AFFECTED PRODUCTS

vendor:	netgear	model:	lax20	scope:	lt	version:	1.1.6.34	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	rax42	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	rax50s	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax48	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	mr80	scope:	lt	version:	1.1.6.14	Trust: 1.0
vendor:	netgear	model:	ms80	scope:	lt	version:	1.1.6.14	Trust: 1.0
vendor:	netgear	model:	mr60	scope:	lt	version:	1.1.6.124	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	r7850	scope:	lt	version:	1.0.5.84	Trust: 1.0
vendor:	netgear	model:	rax40	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.1.86	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.158	Trust: 1.0
vendor:	netgear	model:	rax20	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	ms60	scope:	lt	version:	1.1.6.124	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rax38	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.134	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rax43	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	cax80	scope:	lt	version:	2.1.3.7	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.84	Trust: 1.0
vendor:	netgear	model:	rax50	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax15	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	rax35	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	netgear	model:	rax45	scope:	lt	version:	1.0.10.110	Trust: 1.0
vendor:	ネットギア	model:	mr60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	mr80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ms60	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7960p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax15	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r6700v3	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-524 // JVNDB: JVNDB-2022-022073 // NVD: CVE-2022-27647

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2022-27647
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2022-27647
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-27647
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-27647
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202203-2064
value:	HIGH
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-27647
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2022-27647
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2022-27647
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-524 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647 // NVD: CVE-2022-27647

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-022073 // NVD: CVE-2022-27647

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2064

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202203-2064

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327	Trust: 0.7
title:	NETGEAR R6700v3 Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=231217	Trust: 0.6

sources: ZDI: ZDI-22-524 // CNNVD: CNNVD-202203-2064

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27647	Trust: 4.0
db:	ZDI	id:	ZDI-22-524	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-022073	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15874	Trust: 0.7
db:	CS-HELP	id:	SB2022032410	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-2064	Trust: 0.6
db:	VULMON	id:	CVE-2022-27647	Trust: 0.1

sources: ZDI: ZDI-22-524 // VULMON: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647

REFERENCES

url:	https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327	Trust: 3.2
url:	https://www.zerodayinitiative.com/advisories/zdi-22-524/	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27647	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27647/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032410	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-524 // VULMON: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647

CREDITS

Bugscale team

Trust: 1.3

sources: ZDI: ZDI-22-524 // CNNVD: CNNVD-202203-2064

SOURCES

db:	ZDI	id:	ZDI-22-524
db:	VULMON	id:	CVE-2022-27647
db:	JVNDB	id:	JVNDB-2022-022073
db:	CNNVD	id:	CNNVD-202203-2064
db:	NVD	id:	CVE-2022-27647

LAST UPDATE DATE

2024-08-14T13:42:56.011000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-524	date:	2022-03-23T00:00:00
db:	VULMON	id:	CVE-2022-27647	date:	2023-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-022073	date:	2023-11-15T03:22:00
db:	CNNVD	id:	CNNVD-202203-2064	date:	2023-04-07T00:00:00
db:	NVD	id:	CVE-2022-27647	date:	2023-04-06T15:05:39.393

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-524	date:	2022-03-23T00:00:00
db:	VULMON	id:	CVE-2022-27647	date:	2023-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-022073	date:	2023-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202203-2064	date:	2022-03-23T00:00:00
db:	NVD	id:	CVE-2022-27647	date:	2023-03-29T19:15:08.773