CVE-2022-27644

Summary

CVE	CVE-2022-27644
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-29 19:15:00 UTC
Updated	2023-04-05 15:22:00 UTC
Description	This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Risk And Classification

Problem Types: CWE-295

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Netgear	Cbr40	-	All	All	All
Operating System	Netgear	Cbr40 Firmware	All	All	All	All
Hardware	Netgear	Lbr1020	-	All	All	All
Operating System	Netgear	Lbr1020 Firmware	All	All	All	All
Hardware	Netgear	Lbr20	-	All	All	All
Operating System	Netgear	Lbr20 Firmware	All	All	All	All
Hardware	Netgear	R6400	v2	All	All	All
Operating System	Netgear	R6400 Firmware	All	All	All	All
Hardware	Netgear	R6700	v3	All	All	All
Operating System	Netgear	R6700 Firmware	All	All	All	All
Hardware	Netgear	R6900p	-	All	All	All
Operating System	Netgear	R6900p Firmware	All	All	All	All
Hardware	Netgear	R7000	-	All	All	All
Hardware	Netgear	R7000p	-	All	All	All
Operating System	Netgear	R7000p Firmware	All	All	All	All
Operating System	Netgear	R7000 Firmware	All	All	All	All
Hardware	Netgear	R7850	-	All	All	All
Operating System	Netgear	R7850 Firmware	All	All	All	All
Hardware	Netgear	R7960p	-	All	All	All
Operating System	Netgear	R7960p Firmware	All	All	All	All
Hardware	Netgear	R8000	-	All	All	All
Hardware	Netgear	R8000p	-	All	All	All
Operating System	Netgear	R8000p Firmware	All	All	All	All
Operating System	Netgear	R8000 Firmware	All	All	All	All
Hardware	Netgear	Rax200	-	All	All	All
Operating System	Netgear	Rax200 Firmware	All	All	All	All
Hardware	Netgear	Rax75	-	All	All	All
Operating System	Netgear	Rax75 Firmware	All	All	All	All
Hardware	Netgear	Rax80	-	All	All	All
Operating System	Netgear	Rax80 Firmware	All	All	All	All
Hardware	Netgear	Rbr10	-	All	All	All
Operating System	Netgear	Rbr10 Firmware	All	All	All	All
Hardware	Netgear	Rbr20	-	All	All	All
Operating System	Netgear	Rbr20 Firmware	All	All	All	All
Hardware	Netgear	Rbr40	-	All	All	All
Operating System	Netgear	Rbr40 Firmware	All	All	All	All
Hardware	Netgear	Rbr50	-	All	All	All
Operating System	Netgear	Rbr50 Firmware	All	All	All	All
Hardware	Netgear	Rbs10	-	All	All	All
Operating System	Netgear	Rbs10 Firmware	All	All	All	All
Hardware	Netgear	Rbs20	-	All	All	All
Operating System	Netgear	Rbs20 Firmware	All	All	All	All
Hardware	Netgear	Rbs40	-	All	All	All
Operating System	Netgear	Rbs40 Firmware	All	All	All	All
Hardware	Netgear	Rbs50	-	All	All	All
Operating System	Netgear	Rbs50 Firmware	All	All	All	All
Hardware	Netgear	Rs400	-	All	All	All
Operating System	Netgear	Rs400 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
ZDI-22-520 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0324 \| Answer \| NETGEAR Support	MISC	kb.netgear.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.