CVE-2022-27641

EUVD-2022-32142

29.03.2023, 19:15

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Affected Products (NVD)

Vendor	Product	Version
netgear	d7800_firmware	𝑥 < 1.0.1.68
netgear	ex6200_firmware	𝑥 < 1.0.1.90
netgear	ex8000_firmware	𝑥 < 1.0.1.240
netgear	r6220_firmware	𝑥 < 1.1.0.112
netgear	r6230_firmware	𝑥 < 1.1.0.112
netgear	r6400_firmware	𝑥 < 1.0.4.122
netgear	r6700_firmware	𝑥 < 1.0.4.122
netgear	r7000_firmware	𝑥 < 1.0.11.130
netgear	r7800_firmware	𝑥 < 1.0.2.90

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278

https://www.zerodayinitiative.com/advisories/ZDI-22-544/

https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278

https://www.zerodayinitiative.com/advisories/ZDI-22-544/