Vulnerabilities related to netgear - rax38
var-202112-0541
Vulnerability from variot
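A path traversal attack in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet. Netgear RAX35, RAX38, and RAX40 routers contain a path traversal vulnerability. Information may be obtained and service operation may be interrupted (DoS). Netgear RAX35 is a router from Netgear, a hardware device that connects two or more networks and acts as a gateway between the networks. Note that the CVSS vectors recorded in this entry (AV:L in v2, AV:L with PR:L in v3) and its threat type of "local" rate the attack as local with low privileges, which does not match the remote unauthenticated attacker described here; when prioritising, compare both against the vendor advisory PSV-2021-0268 and confirm the firmware is at v1.0.4.102 or later.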
Netgear RAX35, RAX38 and RAX40 routers running firmware v1.0.4.102 and earlier have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0541", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: null, 
trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, { model: "rax38", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, { model: "rax40", scope: "lt", trust: 0.6, vendor: "netgear", version: "v1.0.4.102", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, cve: "CVE-2021-41449", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CVE-2021-41449", impactScore: 4.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2021-102000", impactScore: 4.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: 
"AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, id: "CVE-2021-41449", impactScore: 5.2, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.1, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-41449", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-41449", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-41449", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-102000", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-202112-732", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-41449", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP 
packet. Netgear RAX35 , RAX38 , RAX40 Routers contain a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Netgear RAX35 is a router from Netgear. A hardware device that connects two or more networks and acts as a gateway between the networks. \n\r\n\r\nNetgear RAX35, RAX38 and RAX40 routers v1.0.4.102 and earlier versions of the firmware have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles", sources: [ { db: "NVD", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41449", trust: 3.9, }, { db: "JVNDB", id: "JVNDB-2021-016141", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-102000", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202112-732", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-41449", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, id: "VAR-202112-0541", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, ], trust: 0.8276160566666666, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, ], }, last_update_date: "2024-11-23T22:10:57.447000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Path Traversal on Some Routers, PSV-2021-0268", trust: 0.8, url: "https://www.netgear.com/", }, { title: "Patch for Netgear Access Control Error Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/310031", }, { title: "Netgear Repair measures for path traversal vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174228", }, { title: "", trust: 0.1, url: "https://github.com/efchatz/easy-exploits ", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, { problemtype: "Path traversal (CWE-22) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://netgear.com", }, { trust: 1.7, url: "https://kb.netgear.com/000064405/security-advisory-for-path-traversal-on-some-routers-psv-2021-0268", }, { trust: 1.7, url: 
"https://www.netgear.com/about/security/", }, { trust: 1.7, url: "http://rax40.com", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41449", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/efchatz/easy-exploits", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-102000", }, { db: "VULMON", id: "CVE-2021-41449", }, { db: "JVNDB", id: "JVNDB-2021-016141", }, { db: "CNNVD", id: "CNNVD-202112-732", }, { db: "NVD", id: "CVE-2021-41449", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-24T00:00:00", db: "CNVD", id: "CNVD-2021-102000", }, { date: "2021-12-09T00:00:00", db: "VULMON", id: "CVE-2021-41449", }, { date: "2022-12-07T00:00:00", db: "JVNDB", id: "JVNDB-2021-016141", }, { date: "2021-12-09T00:00:00", db: "CNNVD", id: "CNNVD-202112-732", }, { date: "2021-12-09T14:15:12.563000", db: "NVD", id: "CVE-2021-41449", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-24T00:00:00", db: "CNVD", id: "CNVD-2021-102000", }, { date: "2021-12-13T00:00:00", db: "VULMON", id: "CVE-2021-41449", }, { date: "2022-12-07T05:58:00", db: "JVNDB", id: "JVNDB-2021-016141", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202112-732", }, { date: "2024-11-21T06:26:16.017000", db: "NVD", id: "CVE-2021-41449", }, ], }, threat_type: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202112-732", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Netgear Path Traversal Vulnerability in Routers", sources: [ { db: "JVNDB", id: "JVNDB-2021-016141", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-202112-732", }, ], trust: 0.6, }, }
var-202203-1671
Vulnerability from variot
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. An OS command injection vulnerability exists in multiple Netgear products, such as cax80 firmware, LAX20 firmware, and MR60 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1671", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", 
trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "mr80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "ms80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: 
"1.0.10.110", }, { model: "cax80", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.3.7", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", 
version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Bugscale team", sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 1.3, }, cve: "CVE-2022-27647", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: 
"CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.1, id: "CVE-2022-27647", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27647", trust: 1, value: "HIGH", }, { author: "nvd@nist.gov", id: "CVE-2022-27647", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27647", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27647", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2064", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. 
An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. cax80 firmware, LAX20 firmware, MR60 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27647", trust: 4, }, { db: "ZDI", id: "ZDI-22-524", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-022073", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15874", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2064", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27647", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, id: "VAR-202203-1671", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3421560347368421, }, last_update_date: "2024-08-14T13:42:56.011000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this 
vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { title: "NETGEAR R6700v3 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=231217", }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-524/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27647", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27647/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: 
"ZDI-22-524", }, { db: "VULMON", id: "CVE-2022-27647", }, { db: "JVNDB", id: "JVNDB-2022-022073", }, { db: "CNNVD", id: "CNNVD-202203-2064", }, { db: "NVD", id: "CVE-2022-27647", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-524", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27647", }, { date: "2023-11-15T00:00:00", db: "JVNDB", id: "JVNDB-2022-022073", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2064", }, { date: "2023-03-29T19:15:08.773000", db: "NVD", id: "CVE-2022-27647", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-524", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27647", }, { date: "2023-11-15T03:22:00", db: "JVNDB", id: "JVNDB-2022-022073", }, { date: "2023-04-07T00:00:00", db: "CNNVD", id: "CNNVD-202203-2064", }, { date: "2023-04-06T15:05:39.393000", db: "NVD", id: "CVE-2022-27647", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "in multiple NETGEAR products. 
OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2022-022073", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202203-2064", }, ], trust: 0.6, }, }
var-202108-1632
Vulnerability from variot
Certain NETGEAR devices are affected by a buffer overflow that can be triggered by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. A classic buffer overflow vulnerability exists on multiple NETGEAR devices. Service operation may be interrupted (DoS). This affects RAX35 prior to 1.0.3.94, RAX38 prior to 1.0.3.94, and RAX40 prior to 1.0.3.94.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1632", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.3.94", }, { model: "rax40", scope: null, trust: 
0.8, vendor: "ネットギア", version: null, }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, cve: "CVE-2021-38526", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2021-38526", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-38526", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 
2.8, id: "CVE-2021-38526", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-38526", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-38526", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-38526", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-38526", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202108-1002", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-38526", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Service operation interruption (DoS) It may be in a state. 
This affects RAX35 prior to 1.0.3.94, RAX38 prior to 1.0.3.94, and RAX40 prior to 1.0.3.94", sources: [ { db: "NVD", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "VULMON", id: "CVE-2021-38526", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-38526", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-010408", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202108-1002", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-38526", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, id: "VAR-202108-1632", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22761605666666665, }, last_update_date: "2024-08-14T15:01:20.855000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2020-0416", trust: 0.8, url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, { title: "Netgear NETGEAR Buffer error vulnerability fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159386", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, ], }, problemtype_data: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000063782/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-psv-2020-0416", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-38526", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/120.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-38526", }, { db: "JVNDB", id: "JVNDB-2021-010408", }, { db: "CNNVD", id: "CNNVD-202108-1002", }, { db: "NVD", id: "CVE-2021-38526", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-08-11T00:00:00", db: "VULMON", id: "CVE-2021-38526", }, { date: "2022-06-30T00:00:00", db: "JVNDB", id: "JVNDB-2021-010408", }, { date: "2021-08-10T00:00:00", db: "CNNVD", id: "CNNVD-202108-1002", }, { date: "2021-08-11T00:16:14.140000", db: "NVD", id: "CVE-2021-38526", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": 
"@list", }, }, data: [ { date: "2021-08-18T00:00:00", db: "VULMON", id: "CVE-2021-38526", }, { date: "2022-06-30T09:05:00", db: "JVNDB", id: "JVNDB-2021-010408", }, { date: "2021-08-19T00:00:00", db: "CNNVD", id: "CNNVD-202108-1002", }, { date: "2021-08-18T20:17:09.940000", db: "NVD", id: "CVE-2021-38526", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202108-1002", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Classic buffer overflow vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2021-010408", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202108-1002", }, ], trust: 0.6, }, }
var-202203-1669
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. Multiple NETGEAR products, such as the LAX20, R6400 and R6700 firmware, have a vulnerability related to missing authentication for critical functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The issue results from incorrect string matching logic when accessing protected pages. Although this summary names the R6700v3, the affected-products list in the record below covers further models, including RAX38 before 1.0.10.110.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1669", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", 
trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax38", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { 
model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax200", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax45", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax43", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax42", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)", sources: [ { db: "ZDI", id: "ZDI-22-522", }, ], trust: 0.7, }, cve: "CVE-2022-27645", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2022-27645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27645", trust: 1, value: "HIGH", }, { author: "nvd@nist.gov", id: "CVE-2022-27645", trust: 1, value: "HIGH", }, { author: "NVD", id: 
"CVE-2022-27645", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27645", trust: 0.7, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2062", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. LAX20 firmware, R6400 firmware, R6700 Multiple NETGEAR products, such as firmware, have vulnerabilities related to lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 
The issue results from incorrect string matching logic when accessing protected pages", sources: [ { db: "NVD", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27645", trust: 4, }, { db: "ZDI", id: "ZDI-22-522", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-022071", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15762", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2062", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27645", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, id: "VAR-202203-1669", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3529194792857143, }, last_update_date: "2024-08-14T13:42:56.044000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { title: "NETGEAR R6700v3 Fixes for access control error vulnerabilities", trust: 0.6, url: 
"http://123.124.177.30/web/xxk/bdxqById.tag?id=235321", }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-697", trust: 1, }, { problemtype: "CWE-306", trust: 1, }, { problemtype: "Lack of authentication for critical features (CWE-306) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064722/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-fixed-wireless-products-psv-2021-0325", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-522/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27645", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27645/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/863.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: "CVE-2022-27645", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-522", }, { db: "VULMON", id: "CVE-2022-27645", }, { db: "JVNDB", id: "JVNDB-2022-022071", }, { db: "CNNVD", id: "CNNVD-202203-2062", }, { db: "NVD", id: 
"CVE-2022-27645", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-522", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27645", }, { date: "2023-11-15T00:00:00", db: "JVNDB", id: "JVNDB-2022-022071", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2062", }, { date: "2023-03-29T19:15:08.637000", db: "NVD", id: "CVE-2022-27645", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-522", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27645", }, { date: "2023-11-15T03:22:00", db: "JVNDB", id: "JVNDB-2022-022071", }, { date: "2023-05-04T00:00:00", db: "CNNVD", id: "CNNVD-202203-2062", }, { date: "2023-04-28T21:15:08.350000", db: "NVD", id: "CVE-2022-27645", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2062", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vulnerability related to lack of authentication for important functions in multiple NETGEAR products", sources: [ { db: "JVNDB", id: "JVNDB-2022-022071", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202203-2062", }, ], trust: 0.6, }, }
var-202112-2228
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. RAX35, RAX38 and RAX40 contain an information disclosure vulnerability; information may be obtained. This affects RAX35 prior to 1.0.4.102, RAX38 prior to 1.0.4.102, and RAX40 prior to 1.0.4.102.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2228", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.102", }, { model: "rax38", scope: null, 
trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax35", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax40", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, cve: "CVE-2021-45493", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2021-45493", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2021-45493", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "cve@mitre.org", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 
2.8, id: "CVE-2021-45493", impactScore: 4.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-45493", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-45493", trust: 1, value: "HIGH", }, { author: "cve@mitre.org", id: "CVE-2021-45493", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-45493", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-202112-2280", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-45493", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. RAX35 , RAX38 , RAX40 There is a vulnerability related to information leakage.Information may be obtained. 
This affects RAX35 prior to 1.0.4.102, RAX38 prior to 1.0.4.102, and RAX40 prior to 1.0.4.102", sources: [ { db: "NVD", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "VULMON", id: "CVE-2021-45493", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45493", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2021-016877", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202112-2280", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-45493", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, id: "VAR-202112-2228", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22761605666666665, }, last_update_date: "2024-11-23T22:10:56.905000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Security Advisory for Admin Credential Disclosure on Some Routers, PSV-2019-0293", trust: 0.8, url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, { title: "Netgear NETGEAR Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177046", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, ], }, problemtype_data: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1, }, { problemtype: "information leak (CWE-200) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://kb.netgear.com/000064453/security-advisory-for-admin-credential-disclosure-on-some-routers-psv-2019-0293", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45493", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2021-45493", }, { db: "JVNDB", id: "JVNDB-2021-016877", }, { db: "CNNVD", id: "CNNVD-202112-2280", }, { db: "NVD", id: "CVE-2021-45493", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-26T00:00:00", db: "VULMON", id: "CVE-2021-45493", }, { date: "2022-12-26T00:00:00", db: "JVNDB", id: "JVNDB-2021-016877", }, { date: "2021-12-25T00:00:00", db: "CNNVD", id: "CNNVD-202112-2280", }, { date: "2021-12-26T01:15:12.537000", db: "NVD", id: "CVE-2021-45493", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, 
}, data: [ { date: "2022-01-04T00:00:00", db: "VULMON", id: "CVE-2021-45493", }, { date: "2022-12-26T02:18:00", db: "JVNDB", id: "JVNDB-2021-016877", }, { date: "2022-01-05T00:00:00", db: "CNNVD", id: "CNNVD-202112-2280", }, { date: "2024-11-21T06:32:20.090000", db: "NVD", id: "CVE-2021-45493", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202112-2280", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural NETGEAR Device information disclosure vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-016877", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202112-2280", }, ], trust: 0.6, }, }
var-202203-1668
Vulnerability from variot
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. Multiple Netgear products, including cax80 firmware, LAX20 firmware, and MR60 firmware, contain an incorrect authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1668", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "lax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.34", }, { model: "r6700", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax42", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", 
trust: 1, vendor: "netgear", version: "1.0.4.126", }, { model: "rax50s", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax48", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r6400", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.1.78", }, { model: "r7960p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r8000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r7100lg", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.0.76", }, { model: "rax75", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "mr80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "ms80", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.14", }, { model: "mr60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "rax80", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "r7850", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.5.84", }, { model: "rax40", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rs400", scope: "lt", trust: 1, vendor: "netgear", version: "1.5.1.86", }, { model: "r8500", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.2.158", }, { model: "rax20", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "ms60", scope: "lt", trust: 1, vendor: "netgear", version: "1.1.6.124", }, { model: "r7000p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax38", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.11.134", }, { model: "r7900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.4.3.88", }, { model: "r6900p", scope: "lt", trust: 1, vendor: "netgear", version: "1.3.3.148", }, { model: "rax43", scope: "lt", trust: 1, vendor: "netgear", version: 
"1.0.10.110", }, { model: "cax80", scope: "lt", trust: 1, vendor: "netgear", version: "2.1.3.7", }, { model: "r8000", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.4.84", }, { model: "rax50", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax15", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax200", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.6.138", }, { model: "rax35", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "rax45", scope: "lt", trust: 1, vendor: "netgear", version: "1.0.10.110", }, { model: "r7960p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "lax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7850", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6400", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r8500", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "mr60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax20", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "cax80", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "ms60", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7900p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r7000", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "rax15", scope: null, trust: 0.8, vendor: "ネットギア", 
version: null, }, { model: "r8000p", scope: null, trust: 0.8, vendor: "ネットギア", version: null, }, { model: "r6700v3", scope: null, trust: 0.7, vendor: "netgear", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Bugscale team", sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 1.3, }, cve: "CVE-2022-27642", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "zdi-disclosures@trendmicro.com", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2022-27642", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: 
"CVE-2022-27642", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2022-27642", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ZDI", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2022-27642", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "zdi-disclosures@trendmicro.com", id: "CVE-2022-27642", trust: 1, value: "MEDIUM", }, { author: "nvd@nist.gov", id: "CVE-2022-27642", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2022-27642", trust: 0.8, value: "High", }, { author: "ZDI", id: "CVE-2022-27642", trust: 0.7, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202203-2054", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 
NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854. cax80 firmware, LAX20 firmware, MR60 Multiple Netgear products, including firmware, contain vulnerabilities related to unauthorized authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-27642", trust: 4, }, { db: "ZDI", id: "ZDI-22-518", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2022-021793", trust: 0.8, }, { db: "ZDI_CAN", id: "ZDI-CAN-15854", trust: 0.7, }, { db: "CS-HELP", id: "SB2022032410", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2054", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-27642", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, id: "VAR-202203-1668", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3421560347368421, }, last_update_date: "2024-08-14T13:42:55.887000Z", 
patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "NETGEAR has issued an update to correct this vulnerability.", trust: 0.7, url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { title: "NETGEAR R6700v3 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=232028", }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-863", trust: 1, }, { problemtype: "Illegal authentication (CWE-863) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.2, url: "https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327", }, { trust: 3.2, url: "https://www.zerodayinitiative.com/advisories/zdi-22-518/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2022-27642", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-27642/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022032410", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/863.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", 
}, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-22-518", }, { db: "VULMON", id: "CVE-2022-27642", }, { db: "JVNDB", id: "JVNDB-2022-021793", }, { db: "CNNVD", id: "CNNVD-202203-2054", }, { db: "NVD", id: "CVE-2022-27642", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-518", }, { date: "2023-03-29T00:00:00", db: "VULMON", id: "CVE-2022-27642", }, { date: "2023-11-14T00:00:00", db: "JVNDB", id: "JVNDB-2022-021793", }, { date: "2022-03-23T00:00:00", db: "CNNVD", id: "CNNVD-202203-2054", }, { date: "2023-03-29T19:15:08.407000", db: "NVD", id: "CVE-2022-27642", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-03-23T00:00:00", db: "ZDI", id: "ZDI-22-518", }, { date: "2023-03-30T00:00:00", db: "VULMON", id: "CVE-2022-27642", }, { date: "2023-11-14T04:15:00", db: "JVNDB", id: "JVNDB-2022-021793", }, { date: "2023-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202203-2054", }, { date: "2023-04-05T14:53:25.610000", db: "NVD", id: "CVE-2022-27642", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Incorrect authentication vulnerability in multiple Netgear 
products", sources: [ { db: "JVNDB", id: "JVNDB-2022-021793", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202203-2054", }, ], trust: 0.6, }, }
cve-2021-38526
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-11T00:01:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. 
This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "ADJACENT", availabilityImpact: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:A/A:L/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", refsource: "MISC", url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38526", datePublished: "2021-08-11T00:01:17", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-04T01:44:23.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27358
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-502/ | x_research-advisory |
| https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349 | vendor-advisory |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:netgear:rax30_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax30_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax35_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax35_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax38_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax38_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:rax40_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rax40_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:netgear:raxe300_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "raxe300_firmware", vendor: "netgear", versions: [ { lessThan: "1.0.10.94", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-27358", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T15:39:54.731083Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T15:50:11.494Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T12:09:43.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ZDI-23-502", tags: [ "x_research-advisory", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { name: "vendor-provided URL", 
tags: [ "vendor-advisory", "x_transferred", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "RAX30", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.9.90_3", }, ], }, ], dateAssigned: "2023-02-28T12:05:54.080-06:00", datePublic: "2023-05-01T16:31:16.216-05:00", descriptions: [ { lang: "en", value: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. 
Was ZDI-CAN-19754.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T01:56:10.655Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { name: "ZDI-23-502", tags: [ "x_research-advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { name: "vendor-provided URL", tags: [ "vendor-advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, ], source: { lang: "en", value: "Interrupt Labs", }, title: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2023-27358", datePublished: "2024-05-03T01:56:10.655Z", dateReserved: "2023-02-28T17:58:45.482Z", dateUpdated: "2024-08-02T12:09:43.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45493
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T01:04:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45493", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. 
This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", refsource: "MISC", url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45493", datePublished: "2021-12-26T01:04:53", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:39:21.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27647
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27647", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:40:25.890386Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:41:07.125Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Bugscale team", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. 
Was ZDI-CAN-15874.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27647", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:41:07.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27645
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27645", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:47:46.916392Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:47:52.653Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. 
Was ZDI-CAN-15762.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-28T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27645", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:47:52.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27642
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { tags: [ "x_transferred", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27642", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T17:49:46.824954Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T17:49:51.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "R6700v3", vendor: "NETGEAR", versions: [ { status: "affected", version: "1.0.4.120_10.0.91", }, ], }, ], credits: [ { lang: "en", value: "Bugscale team", }, ], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. 
Was ZDI-CAN-15854.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863: Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, ], }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2022-27642", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-03-22T00:00:00.000Z", dateUpdated: "2025-02-18T17:49:51.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41449
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://netgear.com | x_refsource_MISC | |
https://www.netgear.com/about/security/ | x_refsource_MISC | |
http://rax40.com | x_refsource_MISC | |
https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:28.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://netgear.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rax40.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-09T13:05:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://netgear.com", }, { tags: [ "x_refsource_MISC", ], url: "https://www.netgear.com/about/security/", }, { tags: [ "x_refsource_MISC", ], url: "http://rax40.com", }, { tags: [ "x_refsource_MISC", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://netgear.com", refsource: "MISC", url: "http://netgear.com", }, { name: "https://www.netgear.com/about/security/", refsource: "MISC", url: "https://www.netgear.com/about/security/", }, { name: "http://rax40.com", refsource: "MISC", url: "http://rax40.com", }, { name: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", refsource: "MISC", url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41449", datePublished: "2021-12-09T13:05:13", dateReserved: "2021-09-20T00:00:00", dateUpdated: "2024-08-04T03:15:28.411Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2", versionEndExcluding: "2.1.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*", matchCriteriaId: "673A83EA-E359-4629-8B20-5382C15260B2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A72582A2-5A44-4ED5-8497-FCAB59A125BE", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", matchCriteriaId: "2A086E76-3F23-4C21-AC96-F11372A8A186", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F50C923-68DC-48EB-A41B-0D3F99B16E1F", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], 
negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95E44445-7F76-4CD6-91AC-CEBC46DFA587", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", matchCriteriaId: "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A41218DC-3A06-4582-A8B8-0320F76F3DFC", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, 
], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], 
negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", 
versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: 
"4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", 
matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B98293B5-C804-4ED5-8344-12AA02E933CB", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. 
Was ZDI-CAN-15854.", }, ], id: "CVE-2022-27642", lastModified: "2024-11-21T06:56:04.887", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.407", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-518/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: 
"zdi-disclosures@trendmicro.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
netgear | rax35_firmware | * | |
netgear | rax35 | - | |
netgear | rax38_firmware | * | |
netgear | rax38 | - | |
netgear | rax40_firmware | * | |
netgear | rax40 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2DB747-540A-4C65-9729-0104357CA87A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "466B8B30-1D65-4A02-956C-D377B554025D", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99167432-45E7-4E21-9804-3C7FF8AD106A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.", }, { lang: "es", value: "Un ataque de salto de ruta en las interfaces web de los routers Netgear RAX35, RAX38 y RAX40 versiones anteriores a v1.0.4.102, permite a un atacante remoto no autenticado conseguir acceso a información confidencial restringida, como archivos prohibidos de la aplicación 
web, por medio del envío de un paquete HTTP especialmente diseñado", }, ], id: "CVE-2021-41449", lastModified: "2024-11-21T06:26:16.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-09T14:15:12.563", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://netgear.com", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://rax40.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://netgear.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://rax40.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netgear.com/about/security/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
netgear | rax30_firmware | * | |
netgear | rax30 | - | |
netgear | raxe300_firmware | * | |
netgear | raxe300 | - | |
netgear | rax40_firmware | * | |
netgear | rax40 | - | |
netgear | rax35_firmware | * | |
netgear | rax35 | - | |
netgear | rax38_firmware | * | |
netgear | rax38 | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "94C6B573-5355-47EE-A262-E15AE88F8DDB", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", matchCriteriaId: "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:raxe300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FFB9D62-BB6B-4706-876C-1056F659D4A2", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:raxe300:-:*:*:*:*:*:*:*", matchCriteriaId: "BD3BE955-696E-41D6-B281-1473EC803803", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D340B311-1788-43BB-BD13-6AABCA720A25", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C30EEA0B-BB23-4860-AD57-DCD7EFBAE7DC", versionEndExcluding: "1.0.10.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97647327-6F08-40B8-8F48-04681E494676", versionEndExcluding: "1.0.10.94", vulnerable: 
true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de inyección SQL de solicitud SOAP de NETGEAR RAX30. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en instalaciones afectadas de enrutadores NETGEAR RAX30. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe en el manejo de solicitudes SOAP específicas. El problema se debe a la falta de validación adecuada de una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar código arbitrario en el contexto de la cuenta de servicio. 
Era ZDI-CAN-19754.", }, ], id: "CVE-2023-27358", lastModified: "2025-01-09T15:37:04.203", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-03T02:15:13.673", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-502/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { 
description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor | Product | Version | |
---|---|---|---|
netgear | rax35_firmware | * | |
netgear | rax35 | - | |
netgear | rax38_firmware | * | |
netgear | rax38 | - | |
netgear | rax40_firmware | * | |
netgear | rax40 | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35818150-8A74-466E-8BAE-85843BAF892D", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "78046B14-380D-4A14-842E-EB399718F329", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E75474DC-F025-4CB5-9ABD-2FEB024283C0", versionEndExcluding: "1.0.3.94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer por un atacante no autenticado. 
Esto afecta a RAX35 versiones anteriores a 1.0.3.94, RAX38 versiones anteriores a 1.0.3.94 y RAX40 versiones anteriores a 1.0.3.94", }, ], id: "CVE-2021-38526", lastModified: "2024-11-21T06:17:20.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-11T00:16:14.140", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://kb.netgear.com/000063782/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0416", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor | Product | Version | |
---|---|---|---|
netgear | rax35_firmware | * | |
netgear | rax35 | - | |
netgear | rax38_firmware | * | |
netgear | rax38 | - | |
netgear | rax40_firmware | * | |
netgear | rax40 | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F2DB747-540A-4C65-9729-0104357CA87A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", matchCriteriaId: "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "466B8B30-1D65-4A02-956C-D377B554025D", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*", matchCriteriaId: "BDA02FAE-E0C9-402F-9E7D-69EEDCC80053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99167432-45E7-4E21-9804-3C7FF8AD106A", versionEndExcluding: "1.0.4.102", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", matchCriteriaId: "13D54346-4B03-4296-B050-04EB8CFCA732", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.", }, { lang: "es", value: "Determinados dispositivos NETGEAR están afectados por una divulgación de credenciales administrativas. 
Esto afecta a RAX35 versiones anteriores a 1.0.4.102, RAX38 versiones anteriores a 1.0.4.102 y RAX40 versiones anteriores a 1.0.4.102", }, ], id: "CVE-2021-45493", lastModified: "2024-11-21T06:32:20.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-26T01:15:12.537", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
netgear | lax20_firmware | * | |
netgear | lax20 | - | |
netgear | r6400_firmware | * | |
netgear | r6400 | v2 | |
netgear | r6700_firmware | * | |
netgear | r6700 | v3 | |
netgear | r7000_firmware | * | |
netgear | r7000 | - | |
netgear | r7850_firmware | * | |
netgear | r7850 | - | |
netgear | r7900p_firmware | * | |
netgear | r7900p | - | |
netgear | r7960p_firmware | * | |
netgear | r7960p | - | |
netgear | r8000_firmware | * | |
netgear | r8000 | - | |
netgear | r8000p_firmware | * | |
netgear | r8000p | - | |
netgear | r8500_firmware | * | |
netgear | r8500 | - | |
netgear | rax15_firmware | * | |
netgear | rax15 | - | |
netgear | rax20_firmware | * | |
netgear | rax20 | - | |
netgear | rax200_firmware | * | |
netgear | rax200 | - | |
netgear | rax35_firmware | * | |
netgear | rax35 | v2 | |
netgear | rax38_firmware | * | |
netgear | rax38 | v2 | |
netgear | rax40_firmware | * | |
netgear | rax40 | v2 | |
netgear | rax42_firmware | * | |
netgear | rax42 | - | |
netgear | rax43_firmware | * | |
netgear | rax43 | - | |
netgear | rax45_firmware | * | |
netgear | rax45 | - | |
netgear | rax48_firmware | * | |
netgear | rax48 | - | |
netgear | rax50_firmware | * | |
netgear | rax50 | - | |
netgear | rax50s_firmware | * | |
netgear | rax50s | - | |
netgear | rax75_firmware | * | |
netgear | rax75 | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: 
true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, 
operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: 
"1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", 
vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: 
"E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.", }, ], id: "CVE-2022-27645", lastModified: "2024-11-21T06:56:05.333", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.637", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: 
"https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-522/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2", versionEndExcluding: "2.1.3.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*", matchCriteriaId: "673A83EA-E359-4629-8B20-5382C15260B2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF0F2B55-DBD3-4762-92EA-A01D57277A9D", versionEndExcluding: "1.1.6.34", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*", matchCriteriaId: "491CEB8D-22F3-4F86-96F0-03C5C58BA295", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A72582A2-5A44-4ED5-8497-FCAB59A125BE", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*", matchCriteriaId: "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*", matchCriteriaId: "2A086E76-3F23-4C21-AC96-F11372A8A186", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3F50C923-68DC-48EB-A41B-0D3F99B16E1F", versionEndExcluding: "1.1.6.124", vulnerable: true, }, ], 
negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*", matchCriteriaId: "F003F064-591C-4D7C-9EC4-D0E553BC6683", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95E44445-7F76-4CD6-91AC-CEBC46DFA587", versionEndExcluding: "1.1.6.14", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*", matchCriteriaId: "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A41218DC-3A06-4582-A8B8-0320F76F3DFC", versionEndExcluding: "1.0.1.78", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*", matchCriteriaId: "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC79CFE-9036-472C-AB28-FF293BBE1780", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*", matchCriteriaId: "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "169E2D0D-7D18-4AF1-8683-346BD1069DC1", versionEndExcluding: "1.0.4.126", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*", matchCriteriaId: "5A09A9E8-8C77-4EDB-9483-B3C540EF083A", vulnerable: false, }, ], negate: false, operator: "OR", }, 
], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E52E9373-C896-405F-9CEC-2E8707B249F5", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", matchCriteriaId: "C41908FF-AE64-4949-80E3-BEE061B2DA8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5376DD03-0DDD-4B0C-A185-EC226515B32A", versionEndExcluding: "1.0.11.134", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", matchCriteriaId: "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9", versionEndExcluding: "1.3.3.148", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", matchCriteriaId: "DFE55F4D-E98B-46D3-B870-041141934CD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EA99A24-E836-40F4-BF61-C4489E3713F0", versionEndExcluding: "1.0.5.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*", matchCriteriaId: "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD3DCC5-342C-4E66-8BFB-545C2D375A81", versionEndExcluding: "1.4.3.88", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D6A70D-66AF-4064-9F1B-4358D4B1F016", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*", matchCriteriaId: "091CEDB5-0069-4253-86D8-B9FE17CB9F24", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72325BC2-C9AC-4B24-865E-662BDF05BD99", versionEndExcluding: "1.0.4.84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", matchCriteriaId: "5B39F095-8FE8-43FD-A866-7B613B495984", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "994D00CD-350B-4059-9C51-BF843C72B45E", versionEndExcluding: "1.4.3.88", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", matchCriteriaId: "F7EF872D-2537-4FEB-8799-499FC9D44339", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE6DCC3-C225-45A3-A6D0-52BA730EC285", versionEndExcluding: "1.0.2.158", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", matchCriteriaId: "63500DE4-BDBD-4F86-AB99-7DB084D0B912", vulnerable: false, }, ], 
negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2D60F61B-2487-46D7-8B93-4035147AA0AB", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*", matchCriteriaId: "B624B4D3-BCF4-4F95-B401-A88BEC3145A5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "35AE4A8C-19CF-44B0-83F1-F3386305B3E3", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*", matchCriteriaId: "7038703C-C79D-4DD4-8B16-E1A5FC6694C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C706F152-6163-4276-B608-C4AF196E070F", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*", matchCriteriaId: "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF8ED09D-C874-45EB-AD84-1DB0129C55EC", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*", matchCriteriaId: "972BB714-8869-42C6-95F6-2C15AFA65716", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6", 
versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*", matchCriteriaId: "8306FEBE-ED60-47F0-AB49-E629018D7C33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*", matchCriteriaId: "DD5F8B3F-C0D0-496C-A235-A467EA578C28", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*", matchCriteriaId: "D83182AB-E726-4371-B092-FA1920408FED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28B1B071-C0AD-46AA-8B3D-AF32D71E088C", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*", matchCriteriaId: "178BB386-F66C-4CE8-9283-37D22B304691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "97147D06-DBE4-420F-AF06-604C74710080", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*", matchCriteriaId: 
"4B08BD69-CDCC-4CEB-B887-4E47D2B45D26", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6F540D5F-F4F5-47B1-B76F-C18004395596", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*", matchCriteriaId: "09E50F2A-C46C-4875-84AB-04AA00BFA53F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*", matchCriteriaId: "C430976E-24C0-4EA7-BF54-F9C188AB9C01", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F282A9F3-E07C-44EB-A21A-462A3DEDAB39", versionEndExcluding: "1.0.10.110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*", matchCriteriaId: "DBB69710-DA7E-4011-A61A-BA40462A041F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E301ACAC-E217-4329-8A32-83946E61999E", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*", matchCriteriaId: "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*", 
matchCriteriaId: "F8028906-D5AB-4CE6-8431-844E6F98B9AD", versionEndExcluding: "1.0.6.138", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*", matchCriteriaId: "06B5A85C-3588-4263-B9AD-4E56D3F6CB16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A", versionEndExcluding: "1.5.1.86", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*", matchCriteriaId: "2700644E-0940-4D05-B3CA-904D91739E58", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B98293B5-C804-4ED5-8344-12AA02E933CB", versionEndExcluding: "1.0.0.76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*", matchCriteriaId: "366FA778-3C2A-42AF-9141-DAD7043B406C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. 
Was ZDI-CAN-15874.", }, ], id: "CVE-2022-27647", lastModified: "2024-11-21T06:56:05.650", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T19:15:08.773", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-524/", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: 
"zdi-disclosures@trendmicro.com", type: "Primary", }, ], }