CVE-2022-27645

NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability

  • Severity Score: 8.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

*Credits: Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)
CVSS Scores
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-03-22 CVE Reserved
  • 2022-03-23 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-306: Missing Authentication for Critical Function
  • CWE-697: Incorrect Comparison
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | in Vendor | Product | Version | Other | Status |
|---|---|---|---|---|---|---|---|---|---|
| Netgear | Lax20 Firmware | < 1.1.6.34 | - | Affected | Netgear | Lax20 | - | - | Safe |
| Netgear | R6400 Firmware | < 1.0.4.126 | - | Affected | Netgear | R6400 | v2 | - | Safe |
| Netgear | R6700 Firmware | < 1.0.4.126 | - | Affected | Netgear | R6700 | v3 | - | Safe |
| Netgear | R7000 Firmware | < 1.0.11.134 | - | Affected | Netgear | R7000 | - | - | Safe |
| Netgear | R7850 Firmware | < 1.0.5.84 | - | Affected | Netgear | R7850 | - | - | Safe |
| Netgear | R7900p Firmware | < 1.4.3.88 | - | Affected | Netgear | R7900p | - | - | Safe |
| Netgear | R7960p Firmware | < 1.4.3.88 | - | Affected | Netgear | R7960p | - | - | Safe |
| Netgear | R8000 Firmware | < 1.0.4.84 | - | Affected | Netgear | R8000 | - | - | Safe |
| Netgear | R8000p Firmware | < 1.4.3.88 | - | Affected | Netgear | R8000p | - | - | Safe |
| Netgear | R8500 Firmware | < 1.0.2.158 | - | Affected | Netgear | R8500 | - | - | Safe |
| Netgear | Rax15 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax15 | - | - | Safe |
| Netgear | Rax20 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax20 | - | - | Safe |
| Netgear | Rax200 Firmware | < 1.0.6.138 | - | Affected | Netgear | Rax200 | - | - | Safe |
| Netgear | Rax35 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax35 | v2 | - | Safe |
| Netgear | Rax38 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax38 | v2 | - | Safe |
| Netgear | Rax40 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax40 | v2 | - | Safe |
| Netgear | Rax42 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax42 | - | - | Safe |
| Netgear | Rax43 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax43 | - | - | Safe |
| Netgear | Rax45 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax45 | - | - | Safe |
| Netgear | Rax48 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax48 | - | - | Safe |
| Netgear | Rax50 Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax50 | - | - | Safe |
| Netgear | Rax50s Firmware | < 1.0.10.110 | - | Affected | Netgear | Rax50s | - | - | Safe |
| Netgear | Rax75 Firmware | < 1.0.6.138 | - | Affected | Netgear | Rax75 | - | - | Safe |