This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Affected Software | Affected Version | How to fix |
---|---|---|
NETGEAR R6700v3 firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
ZDI-22-524 is considered a critical severity vulnerability due to its potential for arbitrary code execution.
To mitigate the effects of ZDI-22-524, users should update their NETGEAR R6700v3 router firmware to the latest version provided by the vendor.
ZDI-22-524 can facilitate attacks that allow network-adjacent attackers to execute arbitrary code on vulnerable NETGEAR R6700v3 routers.
Yes, although authentication is required, the mechanism can be bypassed, making the vulnerability particularly dangerous.
ZDI-22-524 specifically affects NETGEAR R6700v3 routers running certain firmware versions.