CVE-2022-27643

EPSS 4.65%
Published 29.03.2023 19:15:08
Last modified 21.11.2024 06:56:05
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ R6400 Firmware Version < 1.0.1.78

Netgear ≫ R6400 Version-

Netgear ≫ R6400 Firmware Version < 1.0.4.126

Netgear ≫ R6400 Versionv2

Netgear ≫ R6700 Firmware Version < 1.0.4.126

Netgear ≫ R6700 Versionv3

Netgear ≫ R6900p Firmware Version < 1.3.3.148

Netgear ≫ R6900p Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.134

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version < 1.3.3.148

Netgear ≫ R7000p Version-

Netgear ≫ R7850 Firmware Version < 1.0.5.84

Netgear ≫ R7850 Version-

Netgear ≫ R7900p Firmware Version < 1.4.3.88

Netgear ≫ R7900p Version-

Netgear ≫ R7960p Firmware Version < 1.4.3.88

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.84

Netgear ≫ R8000 Version-

Netgear ≫ R8000p Firmware Version < 1.4.3.88

Netgear ≫ R8000p Version-

Netgear ≫ R8500 Firmware Version < 1.0.2.158

Netgear ≫ R8500 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.6.138

Netgear ≫ Rax200 Version-

Netgear ≫ Rax75 Firmware Version < 1.0.6.138

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.6.138

Netgear ≫ Rax80 Version-

Netgear ≫ Rs400 Firmware Version < 1.5.1.86

Netgear ≫ Rs400 Version-

Netgear ≫ R7100lg Firmware Version < 1.0.0.76

Netgear ≫ R7100lg Version-

Netgear ≫ Wndr3400 Firmware Version < 1.0.1.44

Netgear ≫ Wndr3400 Versionv3

Netgear ≫ Wnr3500l Firmware Version < 1.2.0.72

Netgear ≫ Wnr3500l Versionv2

Netgear ≫ Xr300 Firmware Version < 1.0.3.72

Netgear ≫ Xr300 Version-

Netgear ≫ Dc112a Firmware Version < 1.0.0.64

Netgear ≫ Dc112a Version-

Netgear ≫ D6220 Firmware Version < 1.0.0.80

Netgear ≫ D6220 Version-

Netgear ≫ D6400 Firmware Version < 1.0.0.114

Netgear ≫ D6400 Version-

Netgear ≫ Ex3700 Firmware Version < 1.0.0.96

Netgear ≫ Ex3700 Version-

Netgear ≫ Ex3800 Firmware Version < 1.0.0.96

Netgear ≫ Ex3800 Version-

Netgear ≫ Ex6120 Firmware Version < 1.0.0.68

Netgear ≫ Ex6120 Version-

Netgear ≫ Ex6130 Firmware Version < 1.0.0.48

Netgear ≫ Ex6130 Version-

Netgear ≫ D7000v2 Firmware Version < 1.0.0.80

Netgear ≫ D7000v2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.65%	0.889

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-519/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-27643

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27643

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27643

EUVD