8

CVE-2022-27647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearCax80 Firmware Version < 2.1.3.7
   NetgearCax80 Version-
NetgearLax20 Firmware Version < 1.1.6.34
   NetgearLax20 Version-
NetgearMr60 Firmware Version < 1.1.6.124
   NetgearMr60 Version-
NetgearMr80 Firmware Version < 1.1.6.14
   NetgearMr80 Version-
NetgearMs60 Firmware Version < 1.1.6.124
   NetgearMs60 Version-
NetgearMs80 Firmware Version < 1.1.6.14
   NetgearMs80 Version-
NetgearR6400 Firmware Version < 1.0.1.78
   NetgearR6400 Version-
NetgearR6400 Firmware Version < 1.0.4.126
   NetgearR6400 Versionv2
NetgearR6700 Firmware Version < 1.0.4.126
   NetgearR6700 Versionv3
NetgearR6900p Firmware Version < 1.3.3.148
   NetgearR6900p Version-
NetgearR7000 Firmware Version < 1.0.11.134
   NetgearR7000 Version-
NetgearR7000p Firmware Version < 1.3.3.148
   NetgearR7000p Version-
NetgearR7850 Firmware Version < 1.0.5.84
   NetgearR7850 Version-
NetgearR7900p Firmware Version < 1.4.3.88
   NetgearR7900p Version-
NetgearR7960p Firmware Version < 1.4.3.88
   NetgearR7960p Version-
NetgearR8000 Firmware Version < 1.0.4.84
   NetgearR8000 Version-
NetgearR8000p Firmware Version < 1.4.3.88
   NetgearR8000p Version-
NetgearR8500 Firmware Version < 1.0.2.158
   NetgearR8500 Version-
NetgearRax15 Firmware Version < 1.0.10.110
   NetgearRax15 Version-
NetgearRax20 Firmware Version < 1.0.10.110
   NetgearRax20 Version-
NetgearRax200 Firmware Version < 1.0.6.138
   NetgearRax200 Version-
NetgearRax35 Firmware Version < 1.0.10.110
   NetgearRax35 Versionv2
NetgearRax38 Firmware Version < 1.0.10.110
   NetgearRax38 Versionv2
NetgearRax40 Firmware Version < 1.0.10.110
   NetgearRax40 Versionv2
NetgearRax42 Firmware Version < 1.0.10.110
   NetgearRax42 Version-
NetgearRax43 Firmware Version < 1.0.10.110
   NetgearRax43 Version-
NetgearRax45 Firmware Version < 1.0.10.110
   NetgearRax45 Version-
NetgearRax48 Firmware Version < 1.0.10.110
   NetgearRax48 Version-
NetgearRax50 Firmware Version < 1.0.10.110
   NetgearRax50 Version-
NetgearRax50s Firmware Version < 1.0.10.110
   NetgearRax50s Version-
NetgearRax75 Firmware Version < 1.0.6.138
   NetgearRax75 Version-
NetgearRax80 Firmware Version < 1.0.6.138
   NetgearRax80 Version-
NetgearRs400 Firmware Version < 1.5.1.86
   NetgearRs400 Version-
NetgearR7100lg Firmware Version < 1.0.0.76
   NetgearR7100lg Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.204
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 2.1 5.9
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com 8 2.1 5.9
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.