cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27641,https://securityvulnerability.io/vulnerability/CVE-2022-27641,Buffer Overflow Flaw in NETGEAR Routers,"The vulnerability in the NETGEAR R6700v3 router's NetUSB module poses a significant risk by allowing network-adjacent attackers to execute arbitrary code. This flaw arises from inadequate validation of user-supplied data, leading to an integer overflow that can occur before the allocation of a buffer. The lack of required authentication makes it particularly dangerous, enabling exploitation by attackers to run code with root-level privileges on the router.",Netgear,R6700v3,8.8,HIGH,0.0007200000109151006,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27642,https://securityvulnerability.io/vulnerability/CVE-2022-27642,,This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.,Netgear,R6700v3,6.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27643,https://securityvulnerability.io/vulnerability/CVE-2022-27643,Buffer Overflow Vulnerability in NETGEAR Routers,"A vulnerability exists in the NETGEAR R6700v3 router allowing network-adjacent attackers to execute arbitrary code without authentication. The flaw arises from improper validation of the length of user-supplied data in SOAP requests, particularly when parsing the SOAPAction header. This could enable an attacker to manipulate memory structures and execute malicious code with root privileges.",Netgear,R6700v3,8.8,HIGH,0.000699999975040555,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27645,https://securityvulnerability.io/vulnerability/CVE-2022-27645,Authentication Bypass in NETGEAR Routers,"This vulnerability allows network-adjacent attackers to bypass authentication on impacted NETGEAR R6700v3 routers. Due to inadequate authentication checks within the 'readycloud_control.cgi' component, attackers can access sensitive functionalities without valid credentials. Exploiting this flaw could allow hostile entities to execute arbitrary code within the context of the root user, potentially compromising the router's integrity and the network it manages.",Netgear,R6700v3,8.8,HIGH,0.0018599999602884054,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27646,https://securityvulnerability.io/vulnerability/CVE-2022-27646,Code Execution Vulnerability in NETGEAR Routers,"This vulnerability in NETGEAR R6700v3 routers enables attackers positioned on the same network to execute arbitrary code through a crafted circleinfo.txt file. While an authentication mechanism is present, it can be bypassed due to a flaw in the circled daemon, leading to a stack-based buffer overflow. Successful exploitation allows attackers to run code with root privileges, posing significant risks to system integrity and security.",Netgear,R6700v3,8,HIGH,0.0008500000112690032,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27644,https://securityvulnerability.io/vulnerability/CVE-2022-27644,,This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.,Netgear,R6700v3,5,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-27647,https://securityvulnerability.io/vulnerability/CVE-2022-27647,Arbitrary Code Execution Vulnerability in NETGEAR Routers,"This vulnerability affects NETGEAR R6700v3 routers and enables network-adjacent attackers to execute arbitrary code. While authentication is generally required, an inherent flaw allows this mechanism to be bypassed. The vulnerability originates from improper validation of user input concerning name or email fields utilized by the libreadycloud.so component. When exploited, this could allow attackers to execute commands at the root level, potentially compromising the entire router.",Netgear,R6700v3,8,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0