Severity
Medium
Analysis Summary
CVE-2022-27644
NETGEAR R6700v3 could allow a remote attacker to execute arbitrary code on the system, caused by improper certificate validation in the downloading of files. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.
CVE-2022-27646
NETGEAR R6700v3 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the the circled daemon. By using a specialy-crafted circleinfo.txt file, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2022-27647
NETGEAR R6700v3 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the handling of the name or email field provided to libreadycloud.so. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Code Execution
- Buffer Overflow
- Command Execution
Indicator Of Compromise
CVE
- CVE-2022-27644
- CVE-2022-27646
- CVE-2022-27647
Affected Vendors
- NETGEAR
Affected Products
- NETGEAR R6700v3
Remediation
Refer to NETGEAR Security Advisory for patch, upgrade or suggested workaround information.