8
CVE-2022-27647
- EPSS 0.06%
- Veröffentlicht 29.03.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:56:05
- Quelle zdi-disclosures@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Cax80 Firmware Version < 2.1.3.7
Netgear ≫ Lax20 Firmware Version < 1.1.6.34
Netgear ≫ Mr60 Firmware Version < 1.1.6.124
Netgear ≫ Mr80 Firmware Version < 1.1.6.14
Netgear ≫ Ms60 Firmware Version < 1.1.6.124
Netgear ≫ Ms80 Firmware Version < 1.1.6.14
Netgear ≫ R6400 Firmware Version < 1.0.1.78
Netgear ≫ R6400 Firmware Version < 1.0.4.126
Netgear ≫ R6700 Firmware Version < 1.0.4.126
Netgear ≫ R6900p Firmware Version < 1.3.3.148
Netgear ≫ R7000 Firmware Version < 1.0.11.134
Netgear ≫ R7000p Firmware Version < 1.3.3.148
Netgear ≫ R7850 Firmware Version < 1.0.5.84
Netgear ≫ R7900p Firmware Version < 1.4.3.88
Netgear ≫ R7960p Firmware Version < 1.4.3.88
Netgear ≫ R8000 Firmware Version < 1.0.4.84
Netgear ≫ R8000p Firmware Version < 1.4.3.88
Netgear ≫ R8500 Firmware Version < 1.0.2.158
Netgear ≫ Rax15 Firmware Version < 1.0.10.110
Netgear ≫ Rax20 Firmware Version < 1.0.10.110
Netgear ≫ Rax200 Firmware Version < 1.0.6.138
Netgear ≫ Rax35 Firmware Version < 1.0.10.110
Netgear ≫ Rax38 Firmware Version < 1.0.10.110
Netgear ≫ Rax40 Firmware Version < 1.0.10.110
Netgear ≫ Rax42 Firmware Version < 1.0.10.110
Netgear ≫ Rax43 Firmware Version < 1.0.10.110
Netgear ≫ Rax45 Firmware Version < 1.0.10.110
Netgear ≫ Rax48 Firmware Version < 1.0.10.110
Netgear ≫ Rax50 Firmware Version < 1.0.10.110
Netgear ≫ Rax50s Firmware Version < 1.0.10.110
Netgear ≫ Rax75 Firmware Version < 1.0.6.138
Netgear ≫ Rax80 Firmware Version < 1.0.6.138
Netgear ≫ Rs400 Firmware Version < 1.5.1.86
Netgear ≫ R7100lg Firmware Version < 1.0.0.76
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.06% | 0.204 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
zdi-disclosures@trendmicro.com | 8 | 2.1 | 5.9 |
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.