CVE-2022-27642 - Netgear R7000 Firmware, Netgear R7960p Firmware and Netgear R7100lg Firmware
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Formerly tracked as ZDI-CAN-15854.
Affected software
Netgear R7000 Firmware
Netgear R7960p Firmware
Netgear R7100lg Firmware
Netgear Mr80 Firmware
Netgear Rax35 Firmware
Netgear Rax50 Firmware
Netgear Ms60 Firmware
Netgear R8500 Firmware
Netgear Rax200 Firmware
Netgear Rax80 Firmware
Netgear Rax75 Firmware
Netgear Lax20 Firmware
Netgear R6400 Firmware
Netgear Rax42 Firmware
Netgear R6700 Firmware
Netgear Rs400 Firmware
Netgear Rax48 Firmware
Netgear Rax20 Firmware
Netgear R7900p Firmware
Netgear Cax80 Firmware
Netgear Rax15 Firmware
Netgear Ms80 Firmware
Netgear Mr60 Firmware
Netgear R6900p Firmware
Netgear R8000 Firmware
Netgear Rax45 Firmware
Netgear Rax38 Firmware
Netgear Rax43 Firmware
Netgear R7850 Firmware
Netgear R8000p Firmware
Netgear Rax40 Firmware
Netgear Rax50s Firmware
Netgear R7000p Firmware