CVE-2022-27645: (Pwn2Own) NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability
First published: Wed Mar 29 2023(Updated: )
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear Lax20 Firmware | <1.1.6.34 | |
| Netgear Lax20 | ||
| Netgear R6400 Firmware | <1.0.4.126 | |
| NETGEAR R6400 | =v2 | |
| Netgear R6700 Firmware | <1.0.4.126 | |
| NETGEAR R6700 | =v3 | |
| Netgear R7000 Firmware | <1.0.11.134 | |
| NETGEAR R7000 | ||
| Netgear R7850 Firmware | <1.0.5.84 | |
| NETGEAR R6400v2 | ||
| Netgear R7900p Firmware | <1.4.3.88 | |
| Netgear R7900p | ||
| Netgear R7960p Firmware | <1.4.3.88 | |
| Netgear R7960p | ||
| Netgear R8000 Firmware | <1.0.4.84 | |
| NETGEAR R8000 | ||
| Netgear R8000p Firmware | <1.4.3.88 | |
| Netgear R8000p | ||
| Netgear R8500 Firmware | <1.0.2.158 | |
| NETGEAR R8500 | ||
| Netgear Rax15 Firmware | <1.0.10.110 | |
| Netgear Rax15 | ||
| Netgear Rax20 Firmware | <1.0.10.110 | |
| Netgear Rax20 | ||
| Netgear Rax200 Firmware | <1.0.6.138 | |
| NETGEAR RAX200 | ||
| Netgear Rax35 Firmware | <1.0.10.110 | |
| Netgear RAX35 | =v2 | |
| Netgear Rax38 Firmware | <1.0.10.110 | |
| Netgear Rax38 | =v2 | |
| Netgear Rax40 Firmware | <1.0.10.110 | |
| NETGEAR RAX40 | =v2 | |
| Netgear Rax42 Firmware | <1.0.10.110 | |
| Netgear Rax42 | ||
| NETGEAR R6400v2 | <1.0.10.110 | |
| Netgear RAX43 | ||
| Netgear Rax45 Firmware | <1.0.10.110 | |
| Netgear Rax45 | ||
| Netgear Rax48 Firmware | <1.0.10.110 | |
| NETGEAR R6400v2 | ||
| Netgear Rax50 Firmware | <1.0.10.110 | |
| Netgear Rax50 | ||
| Netgear Rax50s Firmware | <1.0.10.110 | |
| NETGEAR R6400v2 | ||
| Netgear Rax75 Firmware | <1.0.6.138 | |
| Netgear Rax75 | ||
| NETGEAR R6700v3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-27645.
What is the title of the vulnerability?
The title of the vulnerability is (Pwn2Own) NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability.
How does this vulnerability affect NETGEAR R6700v3 routers?
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability.
What is the severity of CVE-2022-27645?
The severity of CVE-2022-27645 is high with a score of 8.8.
Are there any references for this vulnerability?
Yes, you can find more information about this vulnerability in the references provided: [Link 1](https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325), [Link 2](https://www.zerodayinitiative.com/advisories/ZDI-22-522/).
- collector/nvd-index
- collector/zdi-advisory
- alias/ZDI-22-522
- alias/ZDI-CAN-15762
- alias/CVE-2022-27645
- vendor/netgear
- canonical/netgear lax20 firmware
- canonical/netgear lax20
- canonical/netgear r6400 firmware
- canonical/netgear r6400
- version/netgear r6400/v2
- canonical/netgear r6700 firmware
- canonical/netgear r6700
- version/netgear r6700/v3
- canonical/netgear r7000 firmware
- canonical/netgear r7000
- canonical/netgear r7850 firmware
- canonical/netgear r6400v2
- canonical/netgear r7900p firmware
- canonical/netgear r7900p
- canonical/netgear r7960p firmware
- canonical/netgear r7960p
- canonical/netgear r8000 firmware
- canonical/netgear r8000
- canonical/netgear r8000p firmware
- canonical/netgear r8000p
- canonical/netgear r8500 firmware
- canonical/netgear r8500
- canonical/netgear rax15 firmware
- canonical/netgear rax15
- canonical/netgear rax20 firmware
- canonical/netgear rax20
- canonical/netgear rax200 firmware
- canonical/netgear rax200
- canonical/netgear rax35 firmware
- canonical/netgear rax35
- version/netgear rax35/v2
- canonical/netgear rax38 firmware
- canonical/netgear rax38
- version/netgear rax38/v2
- canonical/netgear rax40 firmware
- canonical/netgear rax40
- version/netgear rax40/v2
- canonical/netgear rax42 firmware
- canonical/netgear rax42
- canonical/netgear rax43
- canonical/netgear rax45 firmware
- canonical/netgear rax45
- canonical/netgear rax48 firmware
- canonical/netgear rax50 firmware
- canonical/netgear rax50
- canonical/netgear rax50s firmware
- canonical/netgear rax75 firmware
- canonical/netgear rax75
- canonical/netgear r6700v3