8.8
CVE-2022-27642
- EPSS 0.04%
- Veröffentlicht 29.03.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:56:04
- Quelle zdi-disclosures@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Cax80 Firmware Version < 2.1.3.7
Netgear ≫ Lax20 Firmware Version < 1.1.6.34
Netgear ≫ Mr60 Firmware Version < 1.1.6.124
Netgear ≫ Mr80 Firmware Version < 1.1.6.14
Netgear ≫ Ms60 Firmware Version < 1.1.6.124
Netgear ≫ Ms80 Firmware Version < 1.1.6.14
Netgear ≫ R6400 Firmware Version < 1.0.1.78
Netgear ≫ R6400 Firmware Version < 1.0.4.126
Netgear ≫ R6700 Firmware Version < 1.0.4.126
Netgear ≫ R6900p Firmware Version < 1.3.3.148
Netgear ≫ R7000 Firmware Version < 1.0.11.134
Netgear ≫ R7000p Firmware Version < 1.3.3.148
Netgear ≫ R7850 Firmware Version < 1.0.5.84
Netgear ≫ R7900p Firmware Version < 1.4.3.88
Netgear ≫ R7960p Firmware Version < 1.4.3.88
Netgear ≫ R8000 Firmware Version < 1.0.4.84
Netgear ≫ R8000p Firmware Version < 1.4.3.88
Netgear ≫ R8500 Firmware Version < 1.0.2.158
Netgear ≫ Rax15 Firmware Version < 1.0.10.110
Netgear ≫ Rax20 Firmware Version < 1.0.10.110
Netgear ≫ Rax200 Firmware Version < 1.0.6.138
Netgear ≫ Rax35 Firmware Version < 1.0.10.110
Netgear ≫ Rax38 Firmware Version < 1.0.10.110
Netgear ≫ Rax40 Firmware Version < 1.0.10.110
Netgear ≫ Rax42 Firmware Version < 1.0.10.110
Netgear ≫ Rax43 Firmware Version < 1.0.10.110
Netgear ≫ Rax45 Firmware Version < 1.0.10.110
Netgear ≫ Rax48 Firmware Version < 1.0.10.110
Netgear ≫ Rax50 Firmware Version < 1.0.10.110
Netgear ≫ Rax50s Firmware Version < 1.0.10.110
Netgear ≫ Rax75 Firmware Version < 1.0.6.138
Netgear ≫ Rax80 Firmware Version < 1.0.6.138
Netgear ≫ Rs400 Firmware Version < 1.5.1.86
Netgear ≫ R7100lg Firmware Version < 1.0.0.76
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.078 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| zdi-disclosures@trendmicro.com | 6.3 | 2.8 | 3.4 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.