🛡️ CVE-2022-27642
🟠 CVSS 8.8 — High ✅ No Known Exploit CWE-863 NVD
8.8
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

Details

Severity HIGH
CVSS Score 8.8
CVSS Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-863
Public Exploit ✅ No
Source NVD
Published 2023-03-29
Updated 2026-06-08
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
cax80-firmware 2.1.3.7
lax20-firmware 1.1.6.34
mr60-firmware 1.1.6.124
mr80-firmware 1.1.6.14
ms60-firmware 1.1.6.124
ms80-firmware 1.1.6.14
r6400-firmware 1.0.4.126
r6700-firmware 1.0.4.126
r6900p-firmware 1.3.3.148
r7000-firmware 1.0.11.134
r7000p-firmware 1.3.3.148
r7100lg-firmware 1.0.0.76
r7850-firmware 1.0.5.84
r7900p-firmware 1.4.3.88
r7960p-firmware 1.4.3.88
r8000-firmware 1.0.4.84
r8000p-firmware 1.4.3.88
r8500-firmware 1.0.2.158
rax15-firmware 1.0.10.110
rax20-firmware 1.0.10.110
rax200-firmware 1.0.6.138
rax35-firmware 1.0.10.110
rax38-firmware 1.0.10.110
rax40-firmware 1.0.10.110
rax42-firmware 1.0.10.110
rax43-firmware 1.0.10.110
rax45-firmware 1.0.10.110
rax48-firmware 1.0.10.110
rax50-firmware 1.0.10.110
rax50s-firmware 1.0.10.110
rax75-firmware 1.0.6.138
rax80-firmware 1.0.6.138
rs400-firmware 1.5.1.86

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.