Search criteria

402 vulnerabilities found for r7000_firmware by netgear

FKIE_CVE-2025-44650

Vulnerability from fkie_nvd - Published: 2025-07-21 16:15 - Updated: 2025-08-07 17:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
References
cve@mitre.orghttps://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67dBroken Link
cve@mitre.orghttps://www.netgear.com/about/security/Vendor Advisory
cve@mitre.orghttps://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9Third Party Advisory
Impacted products
Vendor Product Version
netgear r7000_firmware 1.3.1.64_10.1.36
netgear r7000 -
netgear eax80_firmware 1.0.1.70_1.0.2
netgear eax80 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:1.3.1.64_10.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A27DF04-1ACF-46AC-B5A4-8FA1A2603972",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:eax80_firmware:1.0.1.70_1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEAF4C5E-D775-4DA5-9EC9-C99EFE433540",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97740F5D-063E-424F-A0FE-09EBE1100975",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected."
    },
    {
      "lang": "es",
      "value": "En Netgear R7000 V1.3.1.64_10.1.36 y EAX80 V1.0.1.70_1.0.2, la opci\u00f3n USERLIMIT_GLOBAL est\u00e1 establecida en 0 en el archivo de configuraci\u00f3n bftpd.conf. Esto puede provocar ataques de denegaci\u00f3n de servicio (DoS) cuando se conectan usuarios ilimitados."
    }
  ],
  "id": "CVE-2025-44650",
  "lastModified": "2025-08-07T17:58:36.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-21T16:15:29.090",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.netgear.com/about/security/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-35520

Vulnerability from fkie_nvd - Published: 2024-10-14 22:15 - Updated: 2024-10-16 17:14
Severity ?
8.4 (High) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
References
cve@mitre.orghttps://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154Third Party Advisory
Impacted products
Vendor Product Version
netgear r7000_firmware 1.0.11.136
netgear r7000 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136:*:*:*:*:*:*:*",
              "matchCriteriaId": "746C88B1-7D36-49AA-8A00-1C6108846C27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter."
    },
    {
      "lang": "es",
      "value": "Netgear R7000 1.0.11.136 es vulnerable a la inyecci\u00f3n de comandos en RMT_invite.cgi a trav\u00e9s del par\u00e1metro device_name2."
    }
  ],
  "id": "CVE-2024-35520",
  "lastModified": "2024-10-16T17:14:31.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-14T22:15:03.727",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-34982

Vulnerability from fkie_nvd - Published: 2024-05-07 23:15 - Updated: 2025-08-14 01:41
Severity ?
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-21-1274/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-1274/Third Party Advisory
Impacted products
Vendor Product Version
netgear dc112a_firmware *
netgear dc112a -
netgear ex3700_firmware *
netgear ex3700 -
netgear ex3800_firmware *
netgear ex3800 -
netgear ex6120_firmware *
netgear ex6120 -
netgear ex6130_firmware *
netgear ex6130 -
netgear ex7000_firmware *
netgear ex7000 -
netgear ex7500_firmware *
netgear ex7500 -
netgear mr60_firmware *
netgear mr60 -
netgear mr80_firmware *
netgear mr80 -
netgear ms60_firmware *
netgear ms60 -
netgear ms80_firmware *
netgear ms80 -
netgear lax20_firmware *
netgear lax20 -
netgear r6400_firmware *
netgear r6400 -
netgear r6400v2_firmware *
netgear r6400v2 -
netgear r6700v3_firmware *
netgear r6700v3 -
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7100lg_firmware *
netgear r7100lg -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8300_firmware *
netgear r8300 -
netgear r8500_firmware *
netgear r8500 -
netgear rax15_firmware *
netgear rax15 -
netgear rax20_firmware *
netgear rax20 -
netgear rax200_firmware *
netgear rax200 -
netgear rax35v2_firmware *
netgear rax35v2 -
netgear rax38v2_firmware *
netgear rax38v2 -
netgear rax40v2_firmware *
netgear rax40v2 -
netgear rax42_firmware *
netgear rax42 -
netgear rax43_firmware *
netgear rax43 -
netgear rax45_firmware *
netgear rax45 -
netgear rax48_firmware *
netgear rax48 -
netgear rax50_firmware *
netgear rax50 -
netgear rax50s_firmware *
netgear rax50s -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear raxe450_firmware *
netgear raxe450 -
netgear raxe500_firmware *
netgear raxe500 -
netgear rs400_firmware *
netgear rs400 -
netgear wndr3400v3_firmware *
netgear wndr3400v3 -
netgear wnr3500lv2_firmware *
netgear wnr3500lv2 -
netgear xr1000_firmware *
netgear xr1000 -
netgear xr300_firmware *
netgear xr300 -
netgear d6220_firmware *
netgear d6220 -
netgear d6400_firmware *
netgear d6400 -
netgear d7000v2_firmware *
netgear d7000v2 -
netgear dgn2200v4_firmware *
netgear dgn2200v4 -
netgear v6510-1fxaus_firmware *
netgear v6510-1fxaus -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ECB05-E606-439C-9B67-DB5042FCD50E",
              "versionEndExcluding": "1.0.0.62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65EE9FC-A015-4D92-8DA3-40C8594D843D",
              "versionEndExcluding": "1.0.0.94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED72FFCA-F5A8-480D-8A29-C14FFC490B33",
              "versionEndExcluding": "1.0.0.94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECBE89E-3C81-470A-80C0-F742D7ABC66D",
              "versionEndExcluding": "1.0.0.66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D32948E-0E3F-4F1E-9BF8-AA159659B248",
              "versionEndExcluding": "1.0.0.46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D1A25A-22F9-49BF-8335-61EC6D0D1951",
              "versionEndExcluding": "1.0.1.106",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFA0844-677F-4753-9289-DFEB4B59D689",
              "versionEndExcluding": "1.0.1.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6E7187-B191-473D-9E9D-0990447AB8C6",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDB0ED7-C249-4B35-B8E5-A0AE2BE311E0",
              "versionEndExcluding": "1.1.6.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B2ED6-D7C9-4B84-BCD0-9C98B80A5F53",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "759DA00A-1088-453C-94C6-5037E04CD81A",
              "versionEndExcluding": "1.1.6.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02824FC-0D56-4422-A5D5-4944BA2FA897",
              "versionEndExcluding": "1.1.6.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7F4455-0A09-49B7-A117-1834F20B9FD1",
              "versionEndExcluding": "1.0.1.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DA0D12-4A91-4063-94C1-5154669BE6D5",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EEB4D53-DD21-4145-B802-3ECC00998CC4",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "047F5F65-909C-4151-A8DF-B3DD7CDEEDEF",
              "versionEndExcluding": "1.0.11.128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F445F83B-1CFC-41E9-9446-72E1FCE5A222",
              "versionEndExcluding": "1.0.0.72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FF56D6-F2B4-406A-AFFE-B9502E22FFDE",
              "versionEndExcluding": "1.0.5.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83ECB19-F32A-4413-8B51-3B871F1C2610",
              "versionEndExcluding": "1.0.4.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB34F838-B338-41CC-9EC8-4712C4CF84AE",
              "versionEndExcluding": "1.0.2.156",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5D6D75-ADD4-4D61-A54A-4DA0FE9722B9",
              "versionEndExcluding": "1.0.2.156",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D5268F-C2DA-4323-A71A-784DAB080D64",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4936DA57-0FEF-4BD1-8075-7DBB144D6C51",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1071E817-2865-4D9A-BAD6-36CDCC86A2D3",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C8EBFE8-A19D-4095-902D-E3DE5FE9B152",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax38v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "622B679D-8F20-40A2-B8CB-054FCB13DC8E",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax38v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE59D8F1-1883-4C96-8099-AA6B362A8D2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7252E5-A12A-49E7-BFF5-2974FBC876F0",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6786B925-498E-458D-94F4-83F337DE469C",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3128D842-33C1-453A-B4BF-F383F7C7A924",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDFCA49-7EF9-413B-A7CA-7D51CA7D12CB",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78BF9561-75D1-4B7A-ABE3-871D6C647978",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36A7666-610A-4C67-AD7D-C4473CC35994",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6B59EE-5B90-4139-8306-B50846BB1EC6",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6065375D-CB51-403B-B6CD-BBBA53685E08",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "324447B4-A3B2-41C7-A003-F7A09C66ACD2",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:raxe450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24003AB5-CFB9-4A28-BDBE-2800B5222865",
              "versionEndExcluding": "1.0.8.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:raxe450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D7EC2C-E443-4749-854E-5BC057CA6B06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:raxe500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "018EFBF6-9AE3-4361-B8E2-A0A4B668295F",
              "versionEndExcluding": "1.0.8.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:raxe500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D23ADF0-05B4-4163-9666-3F470FB19E01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
              "versionEndExcluding": "1.5.1.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "836591C8-6B93-4C41-808D-9FF4080A5F51",
              "versionEndExcluding": "1.0.1.42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnr3500lv2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3EC77D7-D5B5-48A4-ACF9-7919A7254A31",
              "versionEndExcluding": "1.2.0.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnr3500lv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3F6D58-D900-41B4-8626-58928866208A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53E84D2-5378-405C-8D98-2DB746048FC5",
              "versionEndExcluding": "1.0.0.64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
              "versionEndExcluding": "1.0.3.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD93F750-1D77-4E8F-86EB-581C0102474B",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "204E3FEE-153C-46A8-8651-8CF90A37F04D",
              "versionEndExcluding": "1.0.0.108",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F21298B-8FEA-4E17-BF38-65F247D6271C",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EDEBC41-D9AA-4822-AC01-CFA4B24A08A6",
              "versionEndExcluding": "1.0.0.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE59214-C8A1-4337-A54C-E4E8C149B241",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:v6510-1fxaus_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C3B249-3491-4F4F-9D0C-758AFDFB3416",
              "versionEndExcluding": "1.0.0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:v6510-1fxaus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "537F4FAF-40FF-4858-8072-AC5B5A193ABC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria httpd de m\u00faltiples enrutadores de NETGEAR. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de m\u00faltiples enrutadores NETGEAR. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servicio httpd, que escucha en el puerto TCP 80 de forma predeterminada. Al analizar el archivo de cadenas, el proceso no valida correctamente la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-13709."
    }
  ],
  "id": "CVE-2021-34982",
  "lastModified": "2025-08-14T01:41:19.343",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-07T23:15:13.400",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-34983

Vulnerability from fkie_nvd - Published: 2024-05-07 23:15 - Updated: 2025-08-14 01:40
Severity ?
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-21-1275/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-1275/Third Party Advisory
Impacted products
Vendor Product Version
netgear xr1000_firmware *
netgear xr1000 -
netgear xr300_firmware *
netgear xr300 -
netgear d6220_firmware *
netgear d6220 -
netgear d6400_firmware *
netgear d6400 -
netgear d7000v2_firmware *
netgear d7000v2 -
netgear dgn2200v4_firmware *
netgear dgn2200v4 -
netgear v6510-1fxaus_firmware *
netgear v6510-1fxaus -
netgear dc112a_firmware *
netgear dc112a -
netgear ex3700_firmware *
netgear ex3700 -
netgear ex3800_firmware *
netgear ex3800 -
netgear ex6120_firmware *
netgear ex6120 -
netgear ex6130_firmware *
netgear ex6130 -
netgear ex7000_firmware *
netgear ex7000 -
netgear ex7500_firmware *
netgear ex7500 -
netgear mr60_firmware *
netgear mr60 -
netgear mr80_firmware *
netgear mr80 -
netgear ms60_firmware *
netgear ms60 -
netgear ms80_firmware *
netgear ms80 -
netgear lax20_firmware *
netgear lax20 -
netgear r6400_firmware *
netgear r6400 -
netgear r6400v2_firmware *
netgear r6400v2 -
netgear r6700v3_firmware *
netgear r6700v3 -
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7100lg_firmware *
netgear r7100lg -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8300_firmware *
netgear r8300 -
netgear r8500_firmware *
netgear r8500 -
netgear rax15_firmware *
netgear rax15 -
netgear rax20_firmware *
netgear rax20 -
netgear rax200_firmware *
netgear rax200 -
netgear rax35v2_firmware *
netgear rax35v2 -
netgear rax38v2_firmware *
netgear rax38v2 -
netgear rax40v2_firmware *
netgear rax40v2 -
netgear rax42_firmware *
netgear rax42 -
netgear rax43_firmware *
netgear rax43 -
netgear rax45_firmware *
netgear rax45 -
netgear rax48_firmware *
netgear rax48 -
netgear rax50_firmware *
netgear rax50 -
netgear rax50s_firmware *
netgear rax50s -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear raxe450_firmware *
netgear raxe450 -
netgear raxe500_firmware *
netgear raxe500 -
netgear rs400_firmware *
netgear rs400 -
netgear wndr3400v3_firmware *
netgear wndr3400v3 -
netgear wnr3500lv2_firmware *
netgear wnr3500lv2 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53E84D2-5378-405C-8D98-2DB746048FC5",
              "versionEndExcluding": "1.0.0.64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4ED11-4130-47DA-8A9D-55B8F6E3E213",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE70236-D1C6-4B58-8385-1FA5F71916AF",
              "versionEndExcluding": "1.0.3.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD93F750-1D77-4E8F-86EB-581C0102474B",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "204E3FEE-153C-46A8-8651-8CF90A37F04D",
              "versionEndExcluding": "1.0.0.108",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F21298B-8FEA-4E17-BF38-65F247D6271C",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dgn2200v4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EDEBC41-D9AA-4822-AC01-CFA4B24A08A6",
              "versionEndExcluding": "1.0.0.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dgn2200v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE59214-C8A1-4337-A54C-E4E8C149B241",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:v6510-1fxaus_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C3B249-3491-4F4F-9D0C-758AFDFB3416",
              "versionEndExcluding": "1.0.0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:v6510-1fxaus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "537F4FAF-40FF-4858-8072-AC5B5A193ABC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4ECB05-E606-439C-9B67-DB5042FCD50E",
              "versionEndExcluding": "1.0.0.62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65EE9FC-A015-4D92-8DA3-40C8594D843D",
              "versionEndExcluding": "1.0.0.94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED72FFCA-F5A8-480D-8A29-C14FFC490B33",
              "versionEndExcluding": "1.0.0.94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECBE89E-3C81-470A-80C0-F742D7ABC66D",
              "versionEndExcluding": "1.0.0.66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D32948E-0E3F-4F1E-9BF8-AA159659B248",
              "versionEndExcluding": "1.0.0.46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D1A25A-22F9-49BF-8335-61EC6D0D1951",
              "versionEndExcluding": "1.0.1.106",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F45B620-60B8-40F3-A055-181ADD71EFFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFA0844-677F-4753-9289-DFEB4B59D689",
              "versionEndExcluding": "1.0.1.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44336289-F9DA-4779-8C1A-0221E29E2E2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6E7187-B191-473D-9E9D-0990447AB8C6",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDB0ED7-C249-4B35-B8E5-A0AE2BE311E0",
              "versionEndExcluding": "1.1.6.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B2ED6-D7C9-4B84-BCD0-9C98B80A5F53",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "759DA00A-1088-453C-94C6-5037E04CD81A",
              "versionEndExcluding": "1.1.6.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02824FC-0D56-4422-A5D5-4944BA2FA897",
              "versionEndExcluding": "1.1.6.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7F4455-0A09-49B7-A117-1834F20B9FD1",
              "versionEndExcluding": "1.0.1.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DA0D12-4A91-4063-94C1-5154669BE6D5",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EEB4D53-DD21-4145-B802-3ECC00998CC4",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "047F5F65-909C-4151-A8DF-B3DD7CDEEDEF",
              "versionEndExcluding": "1.0.11.128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F445F83B-1CFC-41E9-9446-72E1FCE5A222",
              "versionEndExcluding": "1.0.0.72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FF56D6-F2B4-406A-AFFE-B9502E22FFDE",
              "versionEndExcluding": "1.0.5.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA344C08-94F1-47F8-9607-3D854B890E19",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B2293C-09AD-4B5A-B2A0-923E2B9923AA",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83ECB19-F32A-4413-8B51-3B871F1C2610",
              "versionEndExcluding": "1.0.4.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4905D866-2326-487F-AAA5-96ABA0DBD56E",
              "versionEndExcluding": "1.4.2.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB34F838-B338-41CC-9EC8-4712C4CF84AE",
              "versionEndExcluding": "1.0.2.156",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5D6D75-ADD4-4D61-A54A-4DA0FE9722B9",
              "versionEndExcluding": "1.0.2.156",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D5268F-C2DA-4323-A71A-784DAB080D64",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4936DA57-0FEF-4BD1-8075-7DBB144D6C51",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1071E817-2865-4D9A-BAD6-36CDCC86A2D3",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax35v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C8EBFE8-A19D-4095-902D-E3DE5FE9B152",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax35v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9358B2F2-D24E-434D-AEE5-6CE093598793",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax38v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "622B679D-8F20-40A2-B8CB-054FCB13DC8E",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax38v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE59D8F1-1883-4C96-8099-AA6B362A8D2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax40v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7252E5-A12A-49E7-BFF5-2974FBC876F0",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax40v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEAD12D-6D90-4CFB-9E59-2CEBD400C567",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6786B925-498E-458D-94F4-83F337DE469C",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3128D842-33C1-453A-B4BF-F383F7C7A924",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDFCA49-7EF9-413B-A7CA-7D51CA7D12CB",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78BF9561-75D1-4B7A-ABE3-871D6C647978",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36A7666-610A-4C67-AD7D-C4473CC35994",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6B59EE-5B90-4139-8306-B50846BB1EC6",
              "versionEndExcluding": "1.0.4.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6065375D-CB51-403B-B6CD-BBBA53685E08",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "324447B4-A3B2-41C7-A003-F7A09C66ACD2",
              "versionEndExcluding": "1.0.5.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:raxe450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24003AB5-CFB9-4A28-BDBE-2800B5222865",
              "versionEndExcluding": "1.0.8.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:raxe450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D7EC2C-E443-4749-854E-5BC057CA6B06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:raxe500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "018EFBF6-9AE3-4361-B8E2-A0A4B668295F",
              "versionEndExcluding": "1.0.8.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:raxe500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D23ADF0-05B4-4163-9666-3F470FB19E01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95AF0FA9-F2C5-4D84-BF37-AA8CB6EC3C4A",
              "versionEndExcluding": "1.5.1.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndr3400v3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "836591C8-6B93-4C41-808D-9FF4080A5F51",
              "versionEndExcluding": "1.0.1.42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndr3400v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F227D8-332F-4D24-BAEA-AA5DB3E3EC95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnr3500lv2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3EC77D7-D5B5-48A4-ACF9-7919A7254A31",
              "versionEndExcluding": "1.2.0.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnr3500lv2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3F6D58-D900-41B4-8626-58928866208A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
    },
    {
      "lang": "es",
      "value": "Falta autenticaci\u00f3n httpd de varios enrutadores de NETGEAR para vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de funciones cr\u00edticas. Esta vulnerabilidad permite a atacantes adyacentes a la red revelar informaci\u00f3n confidencial sobre instalaciones afectadas de m\u00faltiples enrutadores NETGEAR. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del servicio httpd, que escucha en el puerto TCP 80 de forma predeterminada. El problema se debe a la falta de autenticaci\u00f3n antes de permitir el acceso a la informaci\u00f3n de configuraci\u00f3n del sistema. Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, lo que provocar\u00eda un mayor compromiso. Era ZDI-CAN-13708."
    }
  ],
  "id": "CVE-2021-34983",
  "lastModified": "2025-08-14T01:40:56.983",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-07T23:15:13.573",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-1431

Vulnerability from fkie_nvd - Published: 2024-02-11 03:15 - Updated: 2024-11-21 08:50
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
cna@vuldb.comhttps://github.com/leetsun/Hints/tree/main/R7000/2Exploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.253382Permissions Required
cna@vuldb.comhttps://vuldb.com/?id.253382Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://github.com/leetsun/Hints/tree/main/R7000/2Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.253382Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.253382Permissions Required
Impacted products
Vendor Product Version
netgear r7000_firmware 1.0.11.136_10.2.120
netgear r7000 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A5378E-0EE4-47EE-9EB3-CECC4852D104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en Netgear R7000 1.0.11.136_10.2.120 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /debuginfo.htm del componente Web Management Interface es afectada por este problema. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-253382 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2024-1431",
  "lastModified": "2024-11-21T08:50:34.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-11T03:15:07.733",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?ctiid.253382"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?id.253382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?ctiid.253382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?id.253382"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-1430

Vulnerability from fkie_nvd - Published: 2024-02-11 01:15 - Updated: 2024-11-21 08:50
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
cna@vuldb.comhttps://github.com/leetsun/Hints/tree/main/R7000/1Exploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.253381Permissions Required
cna@vuldb.comhttps://vuldb.com/?id.253381Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?submit.276025
cna@vuldb.comhttps://www.netgear.com/
af854a3a-2127-422b-91ae-364da2661108https://github.com/leetsun/Hints/tree/main/R7000/1Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?ctiid.253381Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.253381Third Party Advisory
Impacted products
Vendor Product Version
netgear r7000_firmware 1.0.11.136_10.2.120
netgear r7000 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A5378E-0EE4-47EE-9EB3-CECC4852D104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad ha sido encontrada en Netgear R7000 1.0.11.136_10.2.120 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /currentsetting.htm del componente Web Management Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-253381. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
    }
  ],
  "id": "CVE-2024-1430",
  "lastModified": "2024-11-21T08:50:34.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-11T01:15:07.750",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?ctiid.253381"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.253381"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.276025"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://www.netgear.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://vuldb.com/?ctiid.253381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://vuldb.com/?id.253381"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-36187

Vulnerability from fkie_nvd - Published: 2023-09-01 16:15 - Updated: 2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
References
cve@mitre.orghttps://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578Vendor Advisory
Impacted products
Vendor Product Version
netgear cbr40_firmware *
netgear cbr40 -
netgear lax20_firmware *
netgear lax20 -
netgear mk62_firmware *
netgear mk62 -
netgear mr60_firmware *
netgear mr60 -
netgear ms60_firmware *
netgear ms60 -
netgear rbw30_firmware *
netgear rbw30 -
netgear r6400_firmware *
netgear r6400 -
netgear r6400v2_firmware *
netgear r6400v2 -
netgear r6700v3_firmware *
netgear r6700v3 -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear rax200_firmware *
netgear rax200 -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483E92A-5858-49B5-9499-E132941F5ACD",
              "versionEndExcluding": "2.5.0.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
              "versionEndExcluding": "1.1.6.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A6768BE-C869-4CC5-B683-08B8E4DDD683",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mk62:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A79475-37BE-47BD-A629-DCEF22500B0B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6E7187-B191-473D-9E9D-0990447AB8C6",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B2ED6-D7C9-4B84-BCD0-9C98B80A5F53",
              "versionEndExcluding": "1.1.6.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40DCD126-3E67-4D6E-BD6D-BB84E4FDB344",
              "versionEndExcluding": "2.6.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA73D22-970D-45F2-81F3-9576C04CCC94",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1BB56F-20B5-4A79-AE9D-429A011EAA4C",
              "versionEndExcluding": "1.0.1.70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0095B9D4-E161-4050-B283-2166CB86CB24",
              "versionEndExcluding": "1.0.4.118",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE6B3A8-0601-44EA-AD9B-3BDDE6654FDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0702F9B6-2DAC-4308-8737-9F85AD28E847",
              "versionEndExcluding": "1.0.4.118",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88DA385-5FAE-49EC-80D6-78F81E7EEC16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A588D-46A9-4EFF-8196-46B7A87F1A2D",
              "versionEndExcluding": "1.0.11.130",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6334DE4D-E78B-4582-9C6F-6123DA5192C7",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF9F3BA-4239-4F4D-A65E-A6752A5420F6",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "334BB384-5C29-4D24-9F82-B8EE8D0CA8BF",
              "versionEndExcluding": "1.0.4.120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en NETGEAR R6400v2 antes de la versi\u00f3n 1.0.4.118, permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una URL manipulada para httpd. "
    }
  ],
  "id": "CVE-2023-36187",
  "lastModified": "2024-11-21T08:09:23.400",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-01T16:15:08.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27647

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-524/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-524/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear cax80_firmware *
netgear cax80 -
netgear lax20_firmware *
netgear lax20 -
netgear mr60_firmware *
netgear mr60 -
netgear mr80_firmware *
netgear mr80 -
netgear ms60_firmware *
netgear ms60 -
netgear ms80_firmware *
netgear ms80 -
netgear r6400_firmware *
netgear r6400 -
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8500_firmware *
netgear r8500 -
netgear rax15_firmware *
netgear rax15 -
netgear rax20_firmware *
netgear rax20 -
netgear rax200_firmware *
netgear rax200 -
netgear rax35_firmware *
netgear rax35 v2
netgear rax38_firmware *
netgear rax38 v2
netgear rax40_firmware *
netgear rax40 v2
netgear rax42_firmware *
netgear rax42 -
netgear rax43_firmware *
netgear rax43 -
netgear rax45_firmware *
netgear rax45 -
netgear rax48_firmware *
netgear rax48 -
netgear rax50_firmware *
netgear rax50 -
netgear rax50s_firmware *
netgear rax50s -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
netgear r7100lg_firmware *
netgear r7100lg -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2",
              "versionEndExcluding": "2.1.3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
              "versionEndExcluding": "1.1.6.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72582A2-5A44-4ED5-8497-FCAB59A125BE",
              "versionEndExcluding": "1.1.6.124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243",
              "versionEndExcluding": "1.1.6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F50C923-68DC-48EB-A41B-0D3F99B16E1F",
              "versionEndExcluding": "1.1.6.124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E44445-7F76-4CD6-91AC-CEBC46DFA587",
              "versionEndExcluding": "1.1.6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC",
              "versionEndExcluding": "1.0.1.78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."
    }
  ],
  "id": "CVE-2022-27647",
  "lastModified": "2024-11-21T06:56:05.650",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.773",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27643

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-519/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-519/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear r6400_firmware *
netgear r6400 -
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8500_firmware *
netgear r8500 -
netgear rax200_firmware *
netgear rax200 -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
netgear r7100lg_firmware *
netgear r7100lg -
netgear wndr3400_firmware *
netgear wndr3400 v3
netgear wnr3500l_firmware *
netgear wnr3500l v2
netgear xr300_firmware *
netgear xr300 -
netgear dc112a_firmware *
netgear dc112a -
netgear d6220_firmware *
netgear d6220 -
netgear d6400_firmware *
netgear d6400 -
netgear ex3700_firmware *
netgear ex3700 -
netgear ex3800_firmware *
netgear ex3800 -
netgear ex6120_firmware *
netgear ex6120 -
netgear ex6130_firmware *
netgear ex6130 -
netgear d7000v2_firmware *
netgear d7000v2 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC",
              "versionEndExcluding": "1.0.1.78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B982B02E-52CA-4AEE-B2DB-3B7851469088",
              "versionEndExcluding": "1.0.1.44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndr3400:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1992E44C-122C-41BC-8FDC-5F9EBEE1FB7C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D8ED5C-AA45-41A5-B9BE-FBA3EECFCA09",
              "versionEndExcluding": "1.2.0.72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8DE4BFA-41DE-4748-ACC7-14362333A059",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "004CA551-E868-447C-B853-3A13E5956C3B",
              "versionEndExcluding": "1.0.3.72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3859B4-7910-4872-89BF-89423C9E988C",
              "versionEndExcluding": "1.0.0.64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87FFC46-137D-45B8-B437-F15565FB33D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B1D5CE-C17F-43CF-9030-749CE89A7149",
              "versionEndExcluding": "1.0.0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EEA190-2E9C-4586-BF81-B115532FBA23",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C80E07-CB90-4E73-9972-7F5CAABBF107",
              "versionEndExcluding": "1.0.0.114",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D30939B-86E3-4C78-9B05-686B4994C8B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E742DBED-D806-4667-BA89-EEA8F8C6F734",
              "versionEndExcluding": "1.0.0.96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAA5899-B73C-4690-853E-B5400F034BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93528775-F1CD-4A31-A50F-EBECFFCD4BE7",
              "versionEndExcluding": "1.0.0.96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5488D9-651C-4BAB-A141-06B816690D42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B89143-A6F7-4181-A553-B2BACCE3723D",
              "versionEndExcluding": "1.0.0.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6DFDB6-1D7A-459A-8D30-FD4900ED718B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C15EB8-4B1F-4245-9498-F26EA7E912DF",
              "versionEndExcluding": "1.0.0.48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E295C-9C73-4798-A0BE-7973E1EE5EAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d7000v2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9808B932-6DDD-4119-9712-70C46644B3C0",
              "versionEndExcluding": "1.0.0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d7000v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC6BD34-1A2C-4247-A20C-0B44C0F56E0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692."
    }
  ],
  "id": "CVE-2022-27643",
  "lastModified": "2024-11-21T06:56:05.040",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.497",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27645

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-522/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-522/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear lax20_firmware *
netgear lax20 -
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r7000_firmware *
netgear r7000 -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8500_firmware *
netgear r8500 -
netgear rax15_firmware *
netgear rax15 -
netgear rax20_firmware *
netgear rax20 -
netgear rax200_firmware *
netgear rax200 -
netgear rax35_firmware *
netgear rax35 v2
netgear rax38_firmware *
netgear rax38 v2
netgear rax40_firmware *
netgear rax40 v2
netgear rax42_firmware *
netgear rax42 -
netgear rax43_firmware *
netgear rax43 -
netgear rax45_firmware *
netgear rax45 -
netgear rax48_firmware *
netgear rax48 -
netgear rax50_firmware *
netgear rax50 -
netgear rax50s_firmware *
netgear rax50s -
netgear rax75_firmware *
netgear rax75 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
              "versionEndExcluding": "1.1.6.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."
    }
  ],
  "id": "CVE-2022-27645",
  "lastModified": "2024-11-21T06:56:05.333",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.637",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-697"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27644

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-520/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-520/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7850_firmware *
netgear r7850 -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear rax200_firmware *
netgear rax200 -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
netgear cbr40_firmware *
netgear cbr40 -
netgear lbr1020_firmware *
netgear lbr1020 -
netgear lbr20_firmware *
netgear lbr20 -
netgear rbr10_firmware *
netgear rbr10 -
netgear rbr20_firmware *
netgear rbr20 -
netgear rbr40_firmware *
netgear rbr40 -
netgear rbr50_firmware *
netgear rbr50 -
netgear rbs10_firmware *
netgear rbs10 -
netgear rbs20_firmware *
netgear rbs20 -
netgear rbs40_firmware *
netgear rbs40 -
netgear rbs50_firmware *
netgear rbs50 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1671BC-AB3B-493F-81F6-C38D1489BF9C",
              "versionEndExcluding": "2.5.0.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03942539-865D-4920-8C59-D211C6A5E97C",
              "versionEndExcluding": "2.7.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C90106-692A-4574-907A-86B7BA743AEF",
              "versionEndExcluding": "2.7.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "008227D9-B549-48EB-BEE5-492461CD3654",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C119E51F-AC11-48F9-85AA-29255E64F8DC",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35792D02-E5E4-41D1-9AB8-C595015A6608",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26315AA3-35C7-415F-B12E-D0081DCA5A52",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797."
    }
  ],
  "id": "CVE-2022-27644",
  "lastModified": "2024-11-21T06:56:05.187",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.4,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.563",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27642

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-518/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-518/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear cax80_firmware *
netgear cax80 -
netgear lax20_firmware *
netgear lax20 -
netgear mr60_firmware *
netgear mr60 -
netgear mr80_firmware *
netgear mr80 -
netgear ms60_firmware *
netgear ms60 -
netgear ms80_firmware *
netgear ms80 -
netgear r6400_firmware *
netgear r6400 -
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7850_firmware *
netgear r7850 -
netgear r7900p_firmware *
netgear r7900p -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear r8500_firmware *
netgear r8500 -
netgear rax15_firmware *
netgear rax15 -
netgear rax20_firmware *
netgear rax20 -
netgear rax200_firmware *
netgear rax200 -
netgear rax35_firmware *
netgear rax35 v2
netgear rax38_firmware *
netgear rax38 v2
netgear rax40_firmware *
netgear rax40 v2
netgear rax42_firmware *
netgear rax42 -
netgear rax43_firmware *
netgear rax43 -
netgear rax45_firmware *
netgear rax45 -
netgear rax48_firmware *
netgear rax48 -
netgear rax50_firmware *
netgear rax50 -
netgear rax50s_firmware *
netgear rax50s -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
netgear r7100lg_firmware *
netgear r7100lg -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:cax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7BD19F-A89B-4941-9422-E4FFBD76DBD2",
              "versionEndExcluding": "2.1.3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:cax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "673A83EA-E359-4629-8B20-5382C15260B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF0F2B55-DBD3-4762-92EA-A01D57277A9D",
              "versionEndExcluding": "1.1.6.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "491CEB8D-22F3-4F86-96F0-03C5C58BA295",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72582A2-5A44-4ED5-8497-FCAB59A125BE",
              "versionEndExcluding": "1.1.6.124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BB3ECD-2F0B-4625-A1DB-F6CEFC46E277",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC64FD2-5D52-4BA2-8A5B-8AC11BE06243",
              "versionEndExcluding": "1.1.6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A086E76-3F23-4C21-AC96-F11372A8A186",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F50C923-68DC-48EB-A41B-0D3F99B16E1F",
              "versionEndExcluding": "1.1.6.124",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F003F064-591C-4D7C-9EC4-D0E553BC6683",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E44445-7F76-4CD6-91AC-CEBC46DFA587",
              "versionEndExcluding": "1.1.6.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1A0669-790A-4EE7-A0DC-6E1023D6B4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41218DC-3A06-4582-A8B8-0320F76F3DFC",
              "versionEndExcluding": "1.0.1.78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4CDF6B-3829-44D0-9675-71D7BE83CAA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD3DCC5-342C-4E66-8BFB-545C2D375A81",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE6DCC3-C225-45A3-A6D0-52BA730EC285",
              "versionEndExcluding": "1.0.2.158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D60F61B-2487-46D7-8B93-4035147AA0AB",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B624B4D3-BCF4-4F95-B401-A88BEC3145A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AE4A8C-19CF-44B0-83F1-F3386305B3E3",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038703C-C79D-4DD4-8B16-E1A5FC6694C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8ED09D-C874-45EB-AD84-1DB0129C55EC",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax35:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "972BB714-8869-42C6-95F6-2C15AFA65716",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C7B1AC-0329-48A9-87AD-596C0EC7B3C6",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax38:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8306FEBE-ED60-47F0-AB49-E629018D7C33",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DAEBC1-A1A3-4329-AD32-D41E6576A9DA",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax40:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5F8B3F-C0D0-496C-A235-A467EA578C28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax42_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "756EAEA3-3DC5-4F2F-8C92-29C12FCEAE2C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax42:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83182AB-E726-4371-B092-FA1920408FED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B1B071-C0AD-46AA-8B3D-AF32D71E088C",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax43:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "178BB386-F66C-4CE8-9283-37D22B304691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97147D06-DBE4-420F-AF06-604C74710080",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B08BD69-CDCC-4CEB-B887-4E47D2B45D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax48_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F540D5F-F4F5-47B1-B76F-C18004395596",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E50F2A-C46C-4875-84AB-04AA00BFA53F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1737CE-683A-4A8D-9DDC-9BCF1822ABCF",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C430976E-24C0-4EA7-BF54-F9C188AB9C01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax50s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F282A9F3-E07C-44EB-A21A-462A3DEDAB39",
              "versionEndExcluding": "1.0.10.110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax50s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB69710-DA7E-4011-A61A-BA40462A041F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98293B5-C804-4ED5-8344-12AA02E933CB",
              "versionEndExcluding": "1.0.0.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366FA778-3C2A-42AF-9141-DAD7043B406C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854."
    }
  ],
  "id": "CVE-2022-27642",
  "lastModified": "2024-11-21T06:56:04.887",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.407",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27641

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-544/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-544/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear d7800_firmware *
netgear d7800 -
netgear ex6200_firmware *
netgear ex6200 v2
netgear ex8000_firmware *
netgear ex8000 -
netgear r6220_firmware *
netgear r6220 -
netgear r6230_firmware *
netgear r6230 -
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r7000_firmware *
netgear r7000 -
netgear r7800_firmware *
netgear r7800 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9421E8-61DA-4497-8576-5CBA55019082",
              "versionEndExcluding": "1.0.1.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2D4987-3726-4A72-8D32-592F59FAC46D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A95FDF5-AFCD-4CF4-BB54-EFCB6FD4A429",
              "versionEndExcluding": "1.0.1.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F62287-CB55-4FB1-AA39-62018654BA39",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:ex8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD5F37C-CC25-45B9-832F-3285F51626B5",
              "versionEndExcluding": "1.0.1.240",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D9781C9-799A-4BDA-A027-987627A01633",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "173D7165-8664-42A7-A168-8A908E823385",
              "versionEndExcluding": "1.1.0.112",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AC4290-2157-47C6-822B-6D74AA1555D4",
              "versionEndExcluding": "1.1.0.112",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "244DDD83-132B-4C17-B15E-0912273EAAD2",
              "versionEndExcluding": "1.0.4.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD56833-1B76-4187-A1DB-53E21BB6414F",
              "versionEndExcluding": "1.0.4.122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3A588D-46A9-4EFF-8196-46B7A87F1A2D",
              "versionEndExcluding": "1.0.11.130",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B76682F-F6C7-446A-8F34-2E3E3900BDDE",
              "versionEndExcluding": "1.0.2.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806."
    }
  ],
  "id": "CVE-2022-27641",
  "lastModified": "2024-11-21T06:56:04.750",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.327",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-544/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-544/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-27646

Vulnerability from fkie_nvd - Published: 2023-03-29 19:15 - Updated: 2024-11-21 06:56
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
References
zdi-disclosures@trendmicro.comhttps://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324Vendor Advisory
zdi-disclosures@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-523/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-523/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
netgear r6400_firmware *
netgear r6400 v2
netgear r6700_firmware *
netgear r6700 v3
netgear r6900p_firmware *
netgear r6900p -
netgear r7000_firmware *
netgear r7000 -
netgear r7000p_firmware *
netgear r7000p -
netgear r7850_firmware *
netgear r7850 -
netgear r7960p_firmware *
netgear r7960p -
netgear r8000_firmware *
netgear r8000 -
netgear r8000p_firmware *
netgear r8000p -
netgear rax200_firmware *
netgear rax200 -
netgear rax75_firmware *
netgear rax75 -
netgear rax80_firmware *
netgear rax80 -
netgear rs400_firmware *
netgear rs400 -
netgear cbr40_firmware *
netgear cbr40 -
netgear lbr1020_firmware *
netgear lbr1020 -
netgear lbr20_firmware *
netgear lbr20 -
netgear rbr10_firmware *
netgear rbr10 -
netgear rbr20_firmware *
netgear rbr20 -
netgear rbr40_firmware *
netgear rbr40 -
netgear rbr50_firmware *
netgear rbr50 -
netgear rbs10_firmware *
netgear rbs10 -
netgear rbs20_firmware *
netgear rbs20 -
netgear rbs40_firmware *
netgear rbs40 -
netgear rbs50_firmware *
netgear rbs50 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC79CFE-9036-472C-AB28-FF293BBE1780",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE9AD2-BC8D-477D-A3D3-891AE52FA5F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E2D0D-7D18-4AF1-8683-346BD1069DC1",
              "versionEndExcluding": "1.0.4.126",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A09A9E8-8C77-4EDB-9483-B3C540EF083A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52E9373-C896-405F-9CEC-2E8707B249F5",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
              "versionEndExcluding": "1.0.11.134",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D67D8C3-98DA-4B7D-BA7D-AB5F13E627F9",
              "versionEndExcluding": "1.3.3.148",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EA99A24-E836-40F4-BF61-C4489E3713F0",
              "versionEndExcluding": "1.0.5.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF94D73-B6D0-4334-9A41-83AA92B7C6DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CF98F-A933-4CF2-A4FF-5AF15A9E1E18",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "091CEDB5-0069-4253-86D8-B9FE17CB9F24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72325BC2-C9AC-4B24-865E-662BDF05BD99",
              "versionEndExcluding": "1.0.4.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D00CD-350B-4059-9C51-BF843C72B45E",
              "versionEndExcluding": "1.4.3.88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C706F152-6163-4276-B608-C4AF196E070F",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "58EB0F2F-FB5C-47D9-9AE6-087AE517B3F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E301ACAC-E217-4329-8A32-83946E61999E",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BAA74D7-36A1-4494-96A2-BD0D2D6BF22F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8028906-D5AB-4CE6-8431-844E6F98B9AD",
              "versionEndExcluding": "1.0.6.138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B5A85C-3588-4263-B9AD-4E56D3F6CB16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7E8C9-62BD-45E2-8A7A-D29A6150622A",
              "versionEndExcluding": "1.5.1.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rs400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2700644E-0940-4D05-B3CA-904D91739E58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1671BC-AB3B-493F-81F6-C38D1489BF9C",
              "versionEndExcluding": "2.5.0.28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lbr1020_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03942539-865D-4920-8C59-D211C6A5E97C",
              "versionEndExcluding": "2.7.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lbr1020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "953F0743-4B34-4CE9-815E-D87253720CBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:lbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C90106-692A-4574-907A-86B7BA743AEF",
              "versionEndExcluding": "2.7.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:lbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "863E45EA-2DA0-4C9A-9B87-79E42B3FF97C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC9F546-DE9F-4B4F-B6C0-166A109FC4F6",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DADAA79-9A5C-4B6F-A58D-704ACD1C3334",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0583B690-ABA5-4E18-AE1F-2ADA800B2AF3",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "008227D9-B549-48EB-BEE5-492461CD3654",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E20E59-2B1E-4E43-A494-2C20FD716D4F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0789B88D-574A-4FF7-A579-6FD0DF5CCA1F",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C119E51F-AC11-48F9-85AA-29255E64F8DC",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BAB5C0-F645-4A90-833F-6345335FA1AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35792D02-E5E4-41D1-9AB8-C595015A6608",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED42A4B-C04A-431D-8CE5-F219BFC1FA39",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDCDE39-0355-43B9-BF57-F3718DA2988D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26315AA3-35C7-415F-B12E-D0081DCA5A52",
              "versionEndExcluding": "2.7.4.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879."
    }
  ],
  "id": "CVE-2022-27646",
  "lastModified": "2024-11-21T06:56:05.500",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-29T19:15:08.707",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-523/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-523/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Primary"
    }
  ]
}

CVE-2025-44650 (GCVE-0-2025-44650)

Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-08-07 13:29
VLAI?
Summary
In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-44650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T15:47:00.463097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T15:47:28.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T13:29:43.759Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.netgear.com/about/security/"
        },
        {
          "url": "https://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67d"
        },
        {
          "url": "https://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-44650",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-08-07T13:29:43.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35520 (GCVE-0-2024-35520)

Vulnerability from cvelistv5 – Published: 2024-10-14 00:00 – Updated: 2024-10-15 14:23
VLAI?
Summary
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
Severity ?
8.4 (High)
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r7000_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.136"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35520",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T14:09:34.784101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T14:23:36.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T21:07:39.206315",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35520",
    "datePublished": "2024-10-14T00:00:00",
    "dateReserved": "2024-05-17T00:00:00",
    "dateUpdated": "2024-10-15T14:23:36.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34983 (GCVE-0-2021-34983)

Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
Severity ?
6.5 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T15:08:46.169063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T18:38:20.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:55.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-21-1275",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Multiple Routers",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "V1.0.11.116_10.2.100"
            }
          ]
        }
      ],
      "dateAssigned": "2021-06-30T08:56:51.720-05:00",
      "datePublic": "2021-10-29T08:54:16.924-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T22:54:51.052Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-21-1275",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Sungur Labs"
      },
      "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-34983",
    "datePublished": "2024-05-07T22:54:51.052Z",
    "dateReserved": "2021-06-17T19:27:05.662Z",
    "dateUpdated": "2024-08-04T00:26:55.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34982 (GCVE-0-2021-34982)

Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
Severity ?
8.8 (High)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "multiple_router_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.116_10.0.100"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T14:52:41.415481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:45.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:55.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-21-1274",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Multiple Routers",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "V1.0.11.116_10.2.100"
            }
          ]
        }
      ],
      "dateAssigned": "2021-06-30T08:56:51.718-05:00",
      "datePublic": "2021-10-29T08:54:08.659-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T22:54:50.139Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-21-1274",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Sungur Labs"
      },
      "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-34982",
    "datePublished": "2024-05-07T22:54:50.139Z",
    "dateReserved": "2021-06-17T19:27:05.662Z",
    "dateUpdated": "2024-08-04T00:26:55.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1431 (GCVE-0-2024-1431)

Vulnerability from cvelistv5 – Published: 2024-02-11 02:31 – Updated: 2024-08-01 18:40
VLAI?
Summary
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Netgear R7000 Affected: 1.0.11.136_10.2.120
Create a notification for this product.
Credits
leetsun (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T13:37:18.114368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:20:50.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.253382"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.253382"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "R7000",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.11.136_10.2.120"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Netgear R7000 1.0.11.136_10.2.120 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /debuginfo.htm der Komponente Web Management Interface. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-11T02:31:04.685Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.253382"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.253382"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-02-10T10:48:18.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear R7000 Web Management Interface debuginfo.htm information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-1431",
    "datePublished": "2024-02-11T02:31:04.685Z",
    "dateReserved": "2024-02-10T09:42:59.598Z",
    "dateUpdated": "2024-08-01T18:40:21.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1430 (GCVE-0-2024-1430)

Vulnerability from cvelistv5 – Published: 2024-02-11 00:31 – Updated: 2024-08-25 05:52
VLAI?
Summary
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
4.3 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Netgear R7000 Affected: 1.0.11.136_10.2.120
Create a notification for this product.
Credits
leetsun (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r7000_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.136_10.2.120"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1430",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:44:12.428892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T20:33:07.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.253381"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.253381"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "R7000",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.11.136_10.2.120"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Netgear R7000 1.0.11.136_10.2.120 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /currentsetting.htm der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-25T05:52:59.935Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-253381 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.253381"
        },
        {
          "name": "VDB-253381 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.253381"
        },
        {
          "name": "Submit #276025 | Netgear R7000 \u2014  Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.276025"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.netgear.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2024-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-03T11:32:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear R7000 Web Management Interface currentsetting.htm information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-1430",
    "datePublished": "2024-02-11T00:31:04.302Z",
    "dateReserved": "2024-02-10T09:42:57.248Z",
    "dateUpdated": "2024-08-25T05:52:59.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36187 (GCVE-0-2023-36187)

Vulnerability from cvelistv5 – Published: 2023-09-01 00:00 – Updated: 2024-10-01 16:26
VLAI?
Summary
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:41.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r6400v2",
            "vendor": "netgear",
            "versions": [
              {
                "lessThan": "1.0.4.118",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T16:25:37.076547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T16:26:34.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-01T15:04:10.728733",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-36187",
    "datePublished": "2023-09-01T00:00:00",
    "dateReserved": "2023-06-21T00:00:00",
    "dateUpdated": "2024-10-01T16:26:34.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27644 (GCVE-0-2022-27644)

Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:48
VLAI?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
Severity ?
5 (Medium)
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
Create a notification for this product.
Credits
Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:59.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T17:48:29.884992Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T17:48:57.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R6700v3",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.4.120_10.0.91"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T00:00:00.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
        },
        {
          "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2022-27644",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-03-22T00:00:00.000Z",
    "dateUpdated": "2025-02-18T17:48:57.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-44650 (GCVE-0-2025-44650)

Vulnerability from nvd – Published: 2025-07-21 00:00 – Updated: 2025-08-07 13:29
VLAI?
Summary
In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-44650",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T15:47:00.463097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T15:47:28.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T13:29:43.759Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.netgear.com/about/security/"
        },
        {
          "url": "https://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67d"
        },
        {
          "url": "https://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-44650",
    "datePublished": "2025-07-21T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-08-07T13:29:43.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35520 (GCVE-0-2024-35520)

Vulnerability from nvd – Published: 2024-10-14 00:00 – Updated: 2024-10-15 14:23
VLAI?
Summary
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
Severity ?
8.4 (High)
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r7000_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.136"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35520",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T14:09:34.784101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T14:23:36.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T21:07:39.206315",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35520",
    "datePublished": "2024-10-14T00:00:00",
    "dateReserved": "2024-05-17T00:00:00",
    "dateUpdated": "2024-10-15T14:23:36.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34983 (GCVE-0-2021-34983)

Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
Severity ?
6.5 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T15:08:46.169063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T18:38:20.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:55.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-21-1275",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Multiple Routers",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "V1.0.11.116_10.2.100"
            }
          ]
        }
      ],
      "dateAssigned": "2021-06-30T08:56:51.720-05:00",
      "datePublic": "2021-10-29T08:54:16.924-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T22:54:51.052Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-21-1275",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Sungur Labs"
      },
      "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-34983",
    "datePublished": "2024-05-07T22:54:51.052Z",
    "dateReserved": "2021-06-17T19:27:05.662Z",
    "dateUpdated": "2024-08-04T00:26:55.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34982 (GCVE-0-2021-34982)

Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
VLAI?
Summary
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
Severity ?
8.8 (High)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "multiple_router_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.116_10.0.100"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T14:52:41.415481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:45.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:55.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-21-1274",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Multiple Routers",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "V1.0.11.116_10.2.100"
            }
          ]
        }
      ],
      "dateAssigned": "2021-06-30T08:56:51.718-05:00",
      "datePublic": "2021-10-29T08:54:08.659-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-07T22:54:50.139Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-21-1274",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Sungur Labs"
      },
      "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-34982",
    "datePublished": "2024-05-07T22:54:50.139Z",
    "dateReserved": "2021-06-17T19:27:05.662Z",
    "dateUpdated": "2024-08-04T00:26:55.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1431 (GCVE-0-2024-1431)

Vulnerability from nvd – Published: 2024-02-11 02:31 – Updated: 2024-08-01 18:40
VLAI?
Summary
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Netgear R7000 Affected: 1.0.11.136_10.2.120
Create a notification for this product.
Credits
leetsun (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T13:37:18.114368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:20:50.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.253382"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.253382"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "R7000",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.11.136_10.2.120"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Netgear R7000 1.0.11.136_10.2.120 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /debuginfo.htm der Komponente Web Management Interface. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-11T02:31:04.685Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.253382"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.253382"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-02-10T10:48:18.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear R7000 Web Management Interface debuginfo.htm information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-1431",
    "datePublished": "2024-02-11T02:31:04.685Z",
    "dateReserved": "2024-02-10T09:42:59.598Z",
    "dateUpdated": "2024-08-01T18:40:21.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1430 (GCVE-0-2024-1430)

Vulnerability from nvd – Published: 2024-02-11 00:31 – Updated: 2024-08-25 05:52
VLAI?
Summary
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
4.3 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium)
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Netgear R7000 Affected: 1.0.11.136_10.2.120
Create a notification for this product.
Credits
leetsun (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r7000_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.11.136_10.2.120"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1430",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:44:12.428892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T20:33:07.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.253381"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.253381"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "R7000",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.11.136_10.2.120"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Netgear R7000 1.0.11.136_10.2.120 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /currentsetting.htm der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-25T05:52:59.935Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-253381 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.253381"
        },
        {
          "name": "VDB-253381 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.253381"
        },
        {
          "name": "Submit #276025 | Netgear R7000 \u2014  Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.276025"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.netgear.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-02-10T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2024-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-03T11:32:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear R7000 Web Management Interface currentsetting.htm information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-1430",
    "datePublished": "2024-02-11T00:31:04.302Z",
    "dateReserved": "2024-02-10T09:42:57.248Z",
    "dateUpdated": "2024-08-25T05:52:59.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36187 (GCVE-0-2023-36187)

Vulnerability from nvd – Published: 2023-09-01 00:00 – Updated: 2024-10-01 16:26
VLAI?
Summary
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:41.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "r6400v2",
            "vendor": "netgear",
            "versions": [
              {
                "lessThan": "1.0.4.118",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T16:25:37.076547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T16:26:34.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-01T15:04:10.728733",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-36187",
    "datePublished": "2023-09-01T00:00:00",
    "dateReserved": "2023-06-21T00:00:00",
    "dateUpdated": "2024-10-01T16:26:34.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27644 (GCVE-0-2022-27644)

Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:48
VLAI?
Summary
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
Severity ?
5 (Medium)
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
Create a notification for this product.
Credits
Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:59.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T17:48:29.884992Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T17:48:57.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R6700v3",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.4.120_10.0.91"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-29T00:00:00.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
        },
        {
          "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2022-27644",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-03-22T00:00:00.000Z",
    "dateUpdated": "2025-02-18T17:48:57.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}