{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27647", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "dateUpdated": "2025-02-18T17:41:07.125Z", "dateReserved": "2022-03-22T00:00:00.000Z", "datePublished": "2023-03-29T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2023-03-29T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."}], "affected": [{"vendor": "NETGEAR", "product": "R6700v3", "versions": [{"version": "1.0.4.120_10.0.91", "status": "affected"}]}], "references": [{"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"}], "credits": [{"lang": "en", "value": "Bugscale team"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.969Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-18T17:40:25.890386Z", "id": "CVE-2022-27647", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T17:41:07.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.969Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-27647", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-18T17:40:25.890386Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T17:40:15.607Z"}}], "cna": {"credits": [{"lang": "en", "value": "Bugscale team"}], "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "NETGEAR", "product": "R6700v3", "versions": [{"status": "affected", "version": "1.0.4.120_10.0.91"}]}], "references": [{"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2023-03-29T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-27647", "state": "PUBLISHED", "dateUpdated": "2025-02-18T17:41:07.125Z", "dateReserved": "2022-03-22T00:00:00.000Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2023-03-29T00:00:00.000Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2", "versionEndExcluding": "2.1.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*", "matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", "versionEndExcluding": "1.1.6.34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72582A2-5A44-4ED5-8497-FCAB59A125BE", "versionEndExcluding": "1.1.6.124", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243", "versionEndExcluding": "1.1.6.14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F50C923-68DC-48EB-A41B-0D3F99B16E1F", "versionEndExcluding": "1.1.6.124", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95E44445-7F76-4CD6-91AC-CEBC46DFA587", "versionEndExcluding": "1.1.6.14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC", "versionEndExcluding": "1.0.1.78", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780", "versionEndExcluding": "1.0.4.126", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1", "versionEndExcluding": "1.0.4.126", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5", "versionEndExcluding": "1.3.3.148", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A", "versionEndExcluding": "1.0.11.134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", "versionEndExcluding": "1.3.3.148", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0", "versionEndExcluding": "1.0.5.84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99", "versionEndExcluding": "1.0.4.84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E", "versionEndExcluding": "1.4.3.88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", "versionEndExcluding": "1.0.2.158", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F", "versionEndExcluding": "1.0.6.138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", "versionEndExcluding": "1.0.10.110", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E", "versionEndExcluding": "1.0.6.138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD", "versionEndExcluding": "1.0.6.138", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", "versionEndExcluding": "1.5.1.86", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB", "versionEndExcluding": "1.0.0.76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."}], "id": "CVE-2022-27647", "lastModified": "2024-11-21T06:56:05.650", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-29T19:15:08.773", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}

{}