HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-27645

CVSS 8.8v3.1pub. 2023-03-29upd. 2024-11-21

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Lax20

    HW
    Netgear
    wszystkie wersje
  • Netgear Lax20 Firmware

    OS
    Netgear
    < 1.1.6.34
  • Netgear R6400

    HW
    Netgear
    v2
  • Netgear R6400 Firmware

    OS
    Netgear
    < 1.0.4.126
  • Netgear R6700

    HW
    Netgear
    v3
  • Netgear R6700 Firmware

    OS
    Netgear
    < 1.0.4.126
  • Netgear R7000

    HW
    Netgear
    wszystkie wersje
  • Netgear R7000 Firmware

    OS
    Netgear
    < 1.0.11.134
  • Netgear R7850

    HW
    Netgear
    wszystkie wersje
  • Netgear R7850 Firmware

    OS
    Netgear
    < 1.0.5.84
  • Netgear R7900p

    HW
    Netgear
    wszystkie wersje
  • Netgear R7900p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R7960p

    HW
    Netgear
    wszystkie wersje
  • Netgear R7960p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R8000

    HW
    Netgear
    wszystkie wersje
  • Netgear R8000 Firmware

    OS
    Netgear
    < 1.0.4.84
  • Netgear R8000p

    HW
    Netgear
    wszystkie wersje
  • Netgear R8000p Firmware

    OS
    Netgear
    < 1.4.3.88
  • Netgear R8500

    HW
    Netgear
    wszystkie wersje
  • Netgear R8500 Firmware

    OS
    Netgear
    < 1.0.2.158
  • Netgear Rax15

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax15 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax20

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax200

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax200 Firmware

    OS
    Netgear
    < 1.0.6.138
  • Netgear Rax20 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax35

    HW
    Netgear
    v2
  • Netgear Rax35 Firmware

    OS
    Netgear
    < 1.0.10.110
  • Netgear Rax38

    HW
    Netgear
    v2
  • Netgear Rax38 Firmware

    OS
    Netgear
    < 1.0.10.110
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-57232CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 via parametr ifname

CVE-2024-57231CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear RAX5 V1.0.2.26 via parametr ifname

CVE-2024-57229CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 poprzez parametr devname

CVE-2024-57230CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr ifname

CVE-2024-57233CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze NETGEAR RAX5 przez parametr iface