CVE-2022-27641

moderate-risk

Published 2023-03-29

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (9)

D7800 Firmware

Ex6200 Firmware

Ex8000 Firmware

R6220 Firmware

R6230 Firmware

R6400 Firmware

R6700 Firmware

R7000 Firmware

R7800 Firmware

Affected Vendors

Netgear

References (4)

Vendor Advisory https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer...

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-22-544/

Vendor Advisory https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer...

Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-22-544/

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate