CVE-2022-27641: (Pwn2Own) Netgear R6700v3 NetUSB Integer Overflow Remote Code Execution Vulnerability
First published: Wed Mar 29 2023(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear D7800 Firmware | <1.0.1.68 | |
| Netgear D7800 | ||
| Netgear Ex6200 Firmware | <1.0.1.90 | |
| Netgear EX6200 | =v2 | |
| NETGEAR R7800 | <1.0.1.240 | |
| Netgear Ex8000 | ||
| Netgear R6220 Firmware | <1.1.0.112 | |
| NETGEAR R6220 | ||
| Netgear R6230 Firmware | <1.1.0.112 | |
| Netgear R6230 | ||
| Netgear R6400 Firmware | <1.0.4.122 | |
| NETGEAR R6400 | =v2 | |
| Netgear R6700 Firmware | <1.0.4.122 | |
| NETGEAR R6700 | =v3 | |
| Netgear R7000 Firmware | <1.0.11.130 | |
| NETGEAR R7000 | ||
| NETGEAR R7800 firmware | <1.0.2.90 | |
| NETGEAR R7800 | ||
| NETGEAR R6700v3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-27641?
CVE-2022-27641 is a vulnerability that allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers.
How severe is CVE-2022-27641?
CVE-2022-27641 has a severity rating of 8.8 out of 10, indicating a high severity.
How can an attacker exploit CVE-2022-27641?
An attacker can exploit CVE-2022-27641 without authentication by sending malicious packets to the vulnerable router's NetUSB module.
Is authentication required to exploit CVE-2022-27641?
No, authentication is not required to exploit CVE-2022-27641.
Are there any mitigation steps available for CVE-2022-27641?
Yes, updating the firmware of the NETGEAR R6700v3 router to a patched version will mitigate the vulnerability.
- collector/nvd-index
- collector/zdi-advisory
- alias/ZDI-22-544
- alias/ZDI-CAN-15806
- alias/CVE-2022-27641
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/type
- agent/event
- agent/references
- agent/tags
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/netgear
- canonical/netgear d7800 firmware
- canonical/netgear d7800
- canonical/netgear ex6200 firmware
- canonical/netgear ex6200
- version/netgear ex6200/v2
- canonical/netgear r7800
- canonical/netgear ex8000
- canonical/netgear r6220 firmware
- canonical/netgear r6220
- canonical/netgear r6230 firmware
- canonical/netgear r6230
- canonical/netgear r6400 firmware
- canonical/netgear r6400
- version/netgear r6400/v2
- canonical/netgear r6700 firmware
- canonical/netgear r6700
- version/netgear r6700/v3
- canonical/netgear r7000 firmware
- canonical/netgear r7000
- canonical/netgear r7800 firmware
- canonical/netgear r6700v3