CVE-2022-27644

Published Mar 29, 2023
Last updated 2 years ago
CVSS high 8.8
Overview

Description: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
Source: zdi-disclosures@trendmicro.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 3.0

Type: Secondary
Base score: 5
Impact score: 3.4
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM
Weaknesses

zdi-disclosures@trendmicro.com: CWE-295
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
            "versionEndExcluding": "1.0.4.126"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
            "versionEndExcluding": "1.0.4.126"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
            "versionEndExcluding": "1.3.3.148"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
            "versionEndExcluding": "1.0.11.134"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
            "versionEndExcluding": "1.3.3.148"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
            "versionEndExcluding": "1.0.5.84"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
            "versionEndExcluding": "1.4.3.88"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
            "versionEndExcluding": "1.0.4.84"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
            "versionEndExcluding": "1.4.3.88"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
            "versionEndExcluding": "1.0.6.138"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
            "versionEndExcluding": "1.0.6.138"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
            "versionEndExcluding": "1.0.6.138"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
            "versionEndExcluding": "1.5.1.86"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C1671BC-AB3B-493F-81F6-C38D1489BF9C",
            "versionEndExcluding": "2.5.0.28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03942539-865D-4920-8C59-D211C6A5E97C",
            "versionEndExcluding": "2.7.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22C90106-692A-4574-907A-86B7BA743AEF",
            "versionEndExcluding": "2.7.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008227D9-B549-48EB-BEE5-492461CD3654",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C119E51F-AC11-48F9-85AA-29255E64F8DC",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35792D02-E5E4-41D1-9AB8-C595015A6608",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26315AA3-35C7-415F-B12E-D0081DCA5A52",
            "versionEndExcluding": "2.7.4.24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References
