Vulnerability Details CVE-2022-27646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.9%
CVSS Severity
CVSS v3 Score 8.0
References
- https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324
- https://www.zerodayinitiative.com/advisories/ZDI-22-523/
- https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324
- https://www.zerodayinitiative.com/advisories/ZDI-22-523/
Products affected by CVE-2022-27646
-
cpe:2.3:h:netgear:cbr40:-
-
cpe:2.3:h:netgear:lbr1020:-
-
cpe:2.3:h:netgear:lbr20:-
-
cpe:2.3:h:netgear:r6400:v2
-
cpe:2.3:h:netgear:r6700:v3
-
cpe:2.3:h:netgear:r6900p:-
-
cpe:2.3:h:netgear:r7000:-
-
cpe:2.3:h:netgear:r7000p:-
-
cpe:2.3:h:netgear:r7850:-
-
cpe:2.3:h:netgear:r7960p:-
-
cpe:2.3:h:netgear:r8000:-
-
cpe:2.3:h:netgear:r8000p:-
-
cpe:2.3:h:netgear:rax200:-
-
cpe:2.3:h:netgear:rax75:-
-
cpe:2.3:h:netgear:rax80:-
-
cpe:2.3:h:netgear:rbr10:-
-
cpe:2.3:h:netgear:rbr20:-
-
cpe:2.3:h:netgear:rbr40:-
-
cpe:2.3:h:netgear:rbr50:-
-
cpe:2.3:h:netgear:rbs10:-
-
cpe:2.3:h:netgear:rbs20:-
-
cpe:2.3:h:netgear:rbs40:-
-
cpe:2.3:h:netgear:rbs50:-
-
cpe:2.3:h:netgear:rs400:-
-
cpe:2.3:o:netgear:cbr40_firmware:-
-
cpe:2.3:o:netgear:cbr40_firmware:2.3.5.12
-
cpe:2.3:o:netgear:cbr40_firmware:2.5.0.10
-
cpe:2.3:o:netgear:cbr40_firmware:2.5.0.14
-
cpe:2.3:o:netgear:cbr40_firmware:2.5.0.24
-
cpe:2.3:o:netgear:lbr1020_firmware:2.6.5.20
-
cpe:2.3:o:netgear:lbr20_firmware:2.6.3.50
-
cpe:2.3:o:netgear:lbr20_firmware:2.6.5.32
-
cpe:2.3:o:netgear:r6400_firmware:-
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.12
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.18
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.24
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.32
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.36
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.42
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.50
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.52
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.62
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.62_1.0.41
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.68
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.70
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.74
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.76
-
cpe:2.3:o:netgear:r6400_firmware:1.0.1.78
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.18
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.30
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.34
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.44
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.46
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.56
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.60
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r6400_firmware:1.0.2.66
-
cpe:2.3:o:netgear:r6400_firmware:1.0.4.122
-
cpe:2.3:o:netgear:r6400_firmware:1.0.4.84
-
cpe:2.3:o:netgear:r6400_firmware:1.0.4.98
-
cpe:2.3:o:netgear:r6700_firmware:-
-
cpe:2.3:o:netgear:r6700_firmware:1.0.0.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.14
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.20
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.22
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.30
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.36
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.44
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.46
-
cpe:2.3:o:netgear:r6700_firmware:1.0.1.48
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.16
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.26
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.32
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.52
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.6
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.62
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.66
-
cpe:2.3:o:netgear:r6700_firmware:1.0.2.8
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.120
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.122
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.84_10.0.58
-
cpe:2.3:o:netgear:r6700_firmware:1.0.4.98
-
cpe:2.3:o:netgear:r6900p_firmware:-
-
cpe:2.3:o:netgear:r6900p_firmware:1.0.0.56
-
cpe:2.3:o:netgear:r6900p_firmware:1.0.0.58
-
cpe:2.3:o:netgear:r6900p_firmware:1.0.0.62
-
cpe:2.3:o:netgear:r6900p_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r6900p_firmware:1.2.0.22
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.0.18
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.0.20
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.0.8
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.1.26
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.1.44
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.1.64
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.2.124
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.2.126
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.2.132
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.2.134
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.2.34
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.3.140
-
cpe:2.3:o:netgear:r6900p_firmware:1.3.3.142
-
cpe:2.3:o:netgear:r7000_firmware:-
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.100
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.106
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.110
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.116
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.116_10.2.100
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.123
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.126
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.128
-
cpe:2.3:o:netgear:r7000_firmware:1.0.11.130
-
cpe:2.3:o:netgear:r7000_firmware:1.0.7.10
-
cpe:2.3:o:netgear:r7000_firmware:1.0.7.2_1.1.93
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.10
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.12
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.14
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.18
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.26
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.28
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.32
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.34
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.4
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.42
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.6
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.60
-
cpe:2.3:o:netgear:r7000_firmware:1.0.9.88
-
cpe:2.3:o:netgear:r7000p_firmware:-
-
cpe:2.3:o:netgear:r7000p_firmware:1.0.0.56
-
cpe:2.3:o:netgear:r7000p_firmware:1.0.0.58
-
cpe:2.3:o:netgear:r7000p_firmware:1.0.0.62
-
cpe:2.3:o:netgear:r7000p_firmware:1.0.0.86
-
cpe:2.3:o:netgear:r7000p_firmware:1.0.1.16
-
cpe:2.3:o:netgear:r7000p_firmware:1.2.0.22
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.0.18
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.0.20
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.0.8
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.1.26
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.1.44
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.1.64
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.124
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.126
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.126_10.1.66
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.132
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.134
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.2.34
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.3.140
-
cpe:2.3:o:netgear:r7000p_firmware:1.3.3.142
-
cpe:2.3:o:netgear:r7850_firmware:-
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.60
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.64
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.68
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.74
-
cpe:2.3:o:netgear:r7850_firmware:1.0.5.76
-
cpe:2.3:o:netgear:r7960p_firmware:-
-
cpe:2.3:o:netgear:r7960p_firmware:1.4.1.44
-
cpe:2.3:o:netgear:r7960p_firmware:1.4.1.50
-
cpe:2.3:o:netgear:r7960p_firmware:1.4.1.62
-
cpe:2.3:o:netgear:r7960p_firmware:1.4.1.66
-
cpe:2.3:o:netgear:r7960p_firmware:1.4.2.84
-
cpe:2.3:o:netgear:r8000_firmware:-
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.22
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.24
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.26
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.32
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.36
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.44
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.46
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.48
-
cpe:2.3:o:netgear:r8000_firmware:1.0.3.54
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.12
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.18
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.2
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.28
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.28_10.1.54
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.4
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.46
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.4_1.1.42
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.52
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.56
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.58
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.62
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.66
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.68
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.74
-
cpe:2.3:o:netgear:r8000_firmware:1.0.4.76
-
cpe:2.3:o:netgear:r8000p_firmware:-
-
cpe:2.3:o:netgear:r8000p_firmware:1.1.4.6
-
cpe:2.3:o:netgear:r8000p_firmware:1.1.5.14
-
cpe:2.3:o:netgear:r8000p_firmware:1.3.0.10
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.0.10
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.24
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.30
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.42
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.50
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.62
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.1.66
-
cpe:2.3:o:netgear:r8000p_firmware:1.4.2.84
-
cpe:2.3:o:netgear:rax200_firmware:-
-
cpe:2.3:o:netgear:rax200_firmware:1.0.1.12
-
cpe:2.3:o:netgear:rax200_firmware:1.0.2.102
-
cpe:2.3:o:netgear:rax200_firmware:1.0.3.106
-
cpe:2.3:o:netgear:rax200_firmware:1.0.4.120
-
cpe:2.3:o:netgear:rax200_firmware:1.0.5.126
-
cpe:2.3:o:netgear:rax200_firmware:1.0.5.132
-
cpe:2.3:o:netgear:rax200_firmware:1.0.5.24
-
cpe:2.3:o:netgear:rax75_firmware:-
-
cpe:2.3:o:netgear:rax75_firmware:1.0.1.62
-
cpe:2.3:o:netgear:rax75_firmware:1.0.3.102
-
cpe:2.3:o:netgear:rax75_firmware:1.0.3.106
-
cpe:2.3:o:netgear:rax75_firmware:1.0.4.120
-
cpe:2.3:o:netgear:rax75_firmware:1.0.5.126
-
cpe:2.3:o:netgear:rax75_firmware:1.0.5.132
-
cpe:2.3:o:netgear:rax80_firmware:-
-
cpe:2.3:o:netgear:rax80_firmware:1.0.1.40
-
cpe:2.3:o:netgear:rax80_firmware:1.0.1.62
-
cpe:2.3:o:netgear:rax80_firmware:1.0.3.102
-
cpe:2.3:o:netgear:rax80_firmware:1.0.3.106
-
cpe:2.3:o:netgear:rax80_firmware:1.0.3.88
-
cpe:2.3:o:netgear:rax80_firmware:1.0.4.120
-
cpe:2.3:o:netgear:rax80_firmware:1.0.5.132
-
cpe:2.3:o:netgear:rbr10_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbr10_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbr20_firmware:-
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbr20_firmware:2.3.5.26
-
cpe:2.3:o:netgear:rbr20_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr20_firmware:2.6.1.36
-
cpe:2.3:o:netgear:rbr20_firmware:2.6.2.104
-
cpe:2.3:o:netgear:rbr20_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbr40_firmware:-
-
cpe:2.3:o:netgear:rbr40_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbr40_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbr40_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr40_firmware:2.6.1.36
-
cpe:2.3:o:netgear:rbr40_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbr40_firmware:2.6.2.104
-
cpe:2.3:o:netgear:rbr40_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbr50_firmware:-
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.0.32
-
cpe:2.3:o:netgear:rbr50_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbr50_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbr50_firmware:2.6.1.40
-
cpe:2.3:o:netgear:rbr50_firmware:2.7.2.102
-
cpe:2.3:o:netgear:rbr50_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbs10_firmware:2.6.1.44
-
cpe:2.3:o:netgear:rbs10_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbs20_firmware:-
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbs20_firmware:2.3.5.26
-
cpe:2.3:o:netgear:rbs20_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs20_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbs20_firmware:2.6.2.104
-
cpe:2.3:o:netgear:rbs20_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbs40_firmware:-
-
cpe:2.3:o:netgear:rbs40_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.0.28
-
cpe:2.3:o:netgear:rbs40_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbs40_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs40_firmware:2.6.1.38
-
cpe:2.3:o:netgear:rbs40_firmware:2.6.2.104
-
cpe:2.3:o:netgear:rbs40_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rbs50_firmware:-
-
cpe:2.3:o:netgear:rbs50_firmware:2.1.4.10
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.0.22
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.0.32
-
cpe:2.3:o:netgear:rbs50_firmware:2.3.5.30
-
cpe:2.3:o:netgear:rbs50_firmware:2.5.1.16
-
cpe:2.3:o:netgear:rbs50_firmware:2.6.1.40
-
cpe:2.3:o:netgear:rbs50_firmware:2.7.2.102
-
cpe:2.3:o:netgear:rbs50_firmware:2.7.3.22
-
cpe:2.3:o:netgear:rs400_firmware:-
-
cpe:2.3:o:netgear:rs400_firmware:1.5.0.48
-
cpe:2.3:o:netgear:rs400_firmware:1.5.0.68
-
cpe:2.3:o:netgear:rs400_firmware:1.5.1.80