HIGH✓ PATCH🇬🇧 English

CVE-2022-27645

CVSS 8.8v3.1pub. 2023-03-29upd. 2024-11-21

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Lax20

    HW
    Netgear
    wszystkie wersje
  • Netgear Lax20 Firmware

    OS
    Netgear
    < 1.1.6.34
  • Netgear R6400

    HW
    Netgear
    v2
  • Netgear R6400 Firmware

    OS
    Netgear
    < 1.0.4.126
  • Netgear R6700

    HW
    Netgear
    v3
  • Netgear R6700 Firmware

    OS
    Netgear
    < 1.0.4.126
  • Netgear R7000

    HW
    Netgear
    wszystkie wersje
  • Netgear R7000 Firmware

    OS
    Netgear
    < 1.0.11.134
  • Netgear R7850

    HW
    Netgear
    wszystkie wersje
  • Netgear R7850 Firmware

    OS
    Netgear
    < 1.0.5.84
  • Netgear R7900p

    HW
    Netgear
    wszystkie wersje
  • Netgear R7900p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R7960p

    HW
    Netgear
    wszystkie wersje
  • Netgear R7960p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R8000

    HW
    Netgear
    wszystkie wersje
  • Netgear R8000 Firmware

    OS
    Netgear
    < 1.0.4.84
  • Netgear R8000p

    HW
    Netgear
    wszystkie wersje
  • Netgear R8000p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R8500

    HW
    Netgear
    wszystkie wersje
  • Netgear R8500 Firmware

    OS
    Netgear
    < 1.0.2.158
  • Netgear Rax15

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax15 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax20

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax200

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax200 Firmware

    OS
    Netgear
    < 1.0.6.138
  • Netgear Rax20 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax35

    HW
    Netgear
    v2
  • Netgear Rax35 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax38

    HW
    Netgear
    v2
  • Netgear Rax38 Firmware

    OS
    Netgear
    < 1.0.10.110
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-57232CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname

CVE-2024-57231CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear RAX5 V1.0.2.26 via parametr ifname

CVE-2024-57229CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 poprzez parametr devname

CVE-2024-57230CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr ifname

CVE-2024-57233CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr iface