CVE-2022-27647 - Netgear R7960p Firmware, Netgear Rax42 Firmware and Netgear Mr60 Firmware

Critical 8.0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

Affected software

Netgear R7960p Firmware

Netgear Rax42 Firmware

Netgear Mr60 Firmware

Netgear Rax50s Firmware

Netgear R7000 Firmware

Netgear R7900p Firmware

Netgear Rax48 Firmware

Netgear R8000 Firmware

Netgear Rax75 Firmware

Netgear Lax20 Firmware

Netgear R6900p Firmware

Netgear R8500 Firmware

Netgear R6700 Firmware

Netgear Rax15 Firmware

Netgear Rax200 Firmware

Netgear Mr80 Firmware

Netgear Rax35 Firmware

Netgear Cax80 Firmware

Netgear Ms80 Firmware

Netgear Rs400 Firmware

Netgear R7100lg Firmware

Netgear Rax43 Firmware

Netgear Rax50 Firmware

Netgear Rax80 Firmware

Netgear R8000p Firmware

Netgear R6400 Firmware

Netgear R7850 Firmware

Netgear Rax20 Firmware

Netgear Rax45 Firmware

Netgear Rax38 Firmware

Netgear Ms60 Firmware

Netgear R7000p Firmware

Netgear Rax40 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.