ID

VAR-202203-1671


CVE

CVE-2022-27647


TITLE

OS command injection vulnerability in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022073

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874. An OS command injection vulnerability exists in the firmware of multiple NETGEAR products, such as CAX80 firmware, LAX20 firmware, and MR60 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR R6700v3 is a Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR.

Trust: 2.88

sources: NVD: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // VULMON: CVE-2022-27647

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17534

AFFECTED PRODUCTS

vendor: netgear model: lax20 scope: lt version: 1.1.6.34

Trust: 1.0

vendor: netgear model: r6700 scope: lt version: 1.0.4.126

Trust: 1.0

vendor: netgear model: rax42 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: r6400 scope: lt version: 1.0.4.126

Trust: 1.0

vendor: netgear model: rax50s scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: rax48 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: r6400 scope: lt version: 1.0.1.78

Trust: 1.0

vendor: netgear model: r7960p scope: lt version: 1.4.3.88

Trust: 1.0

vendor: netgear model: r8000p scope: lt version: 1.4.3.88

Trust: 1.0

vendor: netgear model: r7100lg scope: lt version: 1.0.0.76

Trust: 1.0

vendor: netgear model: rax75 scope: lt version: 1.0.6.138

Trust: 1.0

vendor: netgear model: mr80 scope: lt version: 1.1.6.14

Trust: 1.0

vendor: netgear model: ms80 scope: lt version: 1.1.6.14

Trust: 1.0

vendor: netgear model: mr60 scope: lt version: 1.1.6.124

Trust: 1.0

vendor: netgear model: rax80 scope: lt version: 1.0.6.138

Trust: 1.0

vendor: netgear model: r7850 scope: lt version: 1.0.5.84

Trust: 1.0

vendor: netgear model: rax40 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: rs400 scope: lt version: 1.5.1.86

Trust: 1.0

vendor: netgear model: r8500 scope: lt version: 1.0.2.158

Trust: 1.0

vendor: netgear model: rax20 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: ms60 scope: lt version: 1.1.6.124

Trust: 1.0

vendor: netgear model: r7000p scope: lt version: 1.3.3.148

Trust: 1.0

vendor: netgear model: rax38 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: r7000 scope: lt version: 1.0.11.134

Trust: 1.0

vendor: netgear model: r7900p scope: lt version: 1.4.3.88

Trust: 1.0

vendor: netgear model: r6900p scope: lt version: 1.3.3.148

Trust: 1.0

vendor: netgear model: rax43 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: cax80 scope: lt version: 2.1.3.7

Trust: 1.0

vendor: netgear model: r8000 scope: lt version: 1.0.4.84

Trust: 1.0

vendor: netgear model: rax50 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: rax15 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: rax200 scope: lt version: 1.0.6.138

Trust: 1.0

vendor: netgear model: rax35 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: netgear model: rax45 scope: lt version: 1.0.10.110

Trust: 1.0

vendor: NETGEAR model: mr60 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: cax80 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: ms80 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: mr80 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r8500 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r6400 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r7000 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: rax20 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r8000 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r7900p scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r8000p scope: - version: -

Trust: 0.8

vendor: NETGEAR model: ms60 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r6900p scope: - version: -

Trust: 0.8

vendor: NETGEAR model: lax20 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r7960p scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r6700 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: rax15 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r7850 scope: - version: -

Trust: 0.8

vendor: NETGEAR model: r7000p scope: - version: -

Trust: 0.8

vendor: netgear model: r6700v3 scope: - version: -

Trust: 0.7

vendor: netgear model: r6700v3 1.0.4.120 10.0.91 scope: - version: -

Trust: 0.6

sources: ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // JVNDB: JVNDB-2022-022073 // NVD: CVE-2022-27647

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2022-27647
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-27647
value: HIGH

Trust: 1.0

NVD: CVE-2022-27647
value: HIGH

Trust: 0.8

ZDI: CVE-2022-27647
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-17534
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-2064
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-17534
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2022-27647
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2022-27647
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2022-27647
baseSeverity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647 // NVD: CVE-2022-27647

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022073 // NVD: CVE-2022-27647

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2064

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202203-2064

PATCH

title: NETGEAR has issued an update to correct this vulnerability. url: https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327

Trust: 0.7

title: Patch for NETGEAR R6700v3 Command Injection Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/713026

Trust: 0.6

title: NETGEAR R6700v3 Fixes for operating system command injection vulnerabilities url: http://123.124.177.30/web/xxk/bdxqById.tag?id=231217

Trust: 0.6

sources: ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // CNNVD: CNNVD-202203-2064

EXTERNAL IDS

db: NVD id: CVE-2022-27647

Trust: 4.6

db: ZDI id: ZDI-22-524

Trust: 3.8

db: JVNDB id: JVNDB-2022-022073

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-15874

Trust: 0.7

db: CNVD id: CNVD-2025-17534

Trust: 0.6

db: CS-HELP id: SB2022032410

Trust: 0.6

db: CNNVD id: CNNVD-202203-2064

Trust: 0.6

db: VULMON id: CVE-2022-27647

Trust: 0.1

sources: ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // VULMON: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-22-524/

Trust: 3.8

url:https://kb.netgear.com/000064723/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0327

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27647

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27647/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032410

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-22-524 // CNVD: CNVD-2025-17534 // VULMON: CVE-2022-27647 // JVNDB: JVNDB-2022-022073 // CNNVD: CNNVD-202203-2064 // NVD: CVE-2022-27647

CREDITS

Bugscale team

Trust: 1.3

sources: ZDI: ZDI-22-524 // CNNVD: CNNVD-202203-2064

SOURCES

db: ZDI id: ZDI-22-524
db: CNVD id: CNVD-2025-17534
db: VULMON id: CVE-2022-27647
db: JVNDB id: JVNDB-2022-022073
db: CNNVD id: CNNVD-202203-2064
db: NVD id: CVE-2022-27647

LAST UPDATE DATE

2025-08-06T22:55:28.120000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-22-524 date: 2022-03-23T00:00:00
db: CNVD id: CNVD-2025-17534 date: 2025-08-05T00:00:00
db: VULMON id: CVE-2022-27647 date: 2023-03-30T00:00:00
db: JVNDB id: JVNDB-2022-022073 date: 2023-11-15T03:22:00
db: CNNVD id: CNNVD-202203-2064 date: 2023-04-07T00:00:00
db: NVD id: CVE-2022-27647 date: 2023-04-06T15:05:39.393

SOURCES RELEASE DATE

db: ZDI id: ZDI-22-524 date: 2022-03-23T00:00:00
db: CNVD id: CNVD-2025-17534 date: 2025-07-29T00:00:00
db: VULMON id: CVE-2022-27647 date: 2023-03-29T00:00:00
db: JVNDB id: JVNDB-2022-022073 date: 2023-11-15T00:00:00
db: CNNVD id: CNNVD-202203-2064 date: 2022-03-23T00:00:00
db: NVD id: CVE-2022-27647 date: 2023-03-29T19:15:08.773