Vulnerability Details CVE-2022-27641
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.4%
CVSS Severity
CVSS v3 Score 8.8
References
- https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278
- https://www.zerodayinitiative.com/advisories/ZDI-22-544/
- https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278
- https://www.zerodayinitiative.com/advisories/ZDI-22-544/
Products affected by CVE-2022-27641
-
cpe:2.3:h:netgear:d7800:-
-
cpe:2.3:h:netgear:ex6200:v2
-
cpe:2.3:h:netgear:ex8000:-
-
cpe:2.3:h:netgear:r6220:-
-
cpe:2.3:h:netgear:r6230:-
-
cpe:2.3:h:netgear:r6400:v2
-
cpe:2.3:h:netgear:r6700:v3
-
cpe:2.3:h:netgear:r7000:-
-
cpe:2.3:h:netgear:r7800:-
-
cpe:2.3:o:netgear:d7800_firmware:-
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.22
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.24
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.28
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.31
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.34
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.40
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.42
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.44
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.47
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.56
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.58
-
cpe:2.3:o:netgear:d7800_firmware:1.0.1.64
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.44
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.50
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.52
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.56
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.62
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.64
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.72
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.74
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.78
-
cpe:2.3:o:netgear:ex6200_firmware:1.0.1.82
-
cpe:2.3:o:netgear:ex8000_firmware:-
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.102
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.114
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.118
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.180
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.186
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.224
-
cpe:2.3:o:netgear:ex8000_firmware:1.0.1.232
-
cpe:2.3:o:netgear:r6220_firmware:-
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.100
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.104
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.110
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.46
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.50
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.60
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.64
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.66
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.68
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.80
-
cpe:2.3:o:netgear:r6220_firmware:1.1.0.86
-
cpe:2.3:o:netgear:r6230_firmware:-
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.100
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.104
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.110
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.80
-
cpe:2.3:o:netgear:r6230_firmware:1.1.0.86
-
cpe:2.3:o:netgear:r6400_firmware:-
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.12
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.18
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.24
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.32
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.36
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.42
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.50
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.52
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.62
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.62_1.0.41
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.68
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.70
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.74
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.76
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.78
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.18
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.34
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.44
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.46
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.56
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.66
-
cpe:2.3:o:netgear:r6400_firmware:1.0.4.84
-
cpe:2.3:o:netgear:r6400_firmware:1.0.4.98
-
cpe:2.3:o:netgear:r6700_firmware:-
-
cpe:2.3:o:netgear:r6700_firmware:1.0.0.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.22
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.36
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.48
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.6
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.66
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.8
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.120
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84_10.0.58
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.98
-
cpe:2.3:o:netgear:r7000_firmware:-
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.100
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.106
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.110
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.116
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.116_10.2.100
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.123
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.126
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.128
-
cpe:2.3:o:netgear:r7000_firmware:1.0.7.10
-
cpe:2.3:o:netgear:r7000_firmware:1.0.7.2_1.1.93
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.10
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.12
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.14
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.18
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.26
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.28
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.32
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.34
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.4
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.42
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.6
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.60
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.88
-
cpe:2.3:o:netgear:r7800_firmware:-
-
cpe:2.3:o:netgear:r7800_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.28
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.36
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.38
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.40
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.42
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.44
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.46
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.58
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.68
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.74
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.78
-
cpe:2.3:o:netgear:r7800_firmware:1.0.2.80