Details of VAR-202203-1672

ID

VAR-202203-1672

CVE

CVE-2022-27644

TITLE

NETGEAR R6700v3 Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2025-17533 // CNNVD: CNNVD-202203-2057

DESCRIPTION

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. R6400 firmware, R6700 firmware, R6900P Multiple Netgear products, including firmware, contain vulnerabilities related to certificate validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR R6700v3 is a Nighthawk AC1750 Smart Dual-Band Gigabit Router from NETGEAR

Trust: 2.88

sources: NVD: CVE-2022-27644 // JVNDB: JVNDB-2022-021795 // ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // VULMON: CVE-2022-27644

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17533

AFFECTED PRODUCTS

vendor:	netgear	model:	lbr20	scope:	lt	version:	2.7.4.2	Trust: 1.0
vendor:	netgear	model:	rbs10	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.4.126	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.28	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.3.88	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	r7850	scope:	lt	version:	1.0.5.84	Trust: 1.0
vendor:	netgear	model:	rbr40	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	rs400	scope:	lt	version:	1.5.1.86	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.134	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.148	Trust: 1.0
vendor:	netgear	model:	lbr1020	scope:	lt	version:	2.7.4.2	Trust: 1.0
vendor:	netgear	model:	rbr10	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.84	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.6.138	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.7.4.24	Trust: 1.0
vendor:	ネットギア	model:	rbr10	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7960p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr1020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	lbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr50	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rs400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax75	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8000p	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r6700v3	scope:	-	version:	-	Trust: 0.7
vendor:	netgear	model:	r6700v3 1.0.4.120 10.0.91	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // JVNDB: JVNDB-2022-021795 // NVD: CVE-2022-27644

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2022-27644
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-27644
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-27644
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-27644
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2025-17533
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202203-2057
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17533
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-27644
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.6
impactScore:	3.4
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2022-27644
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27644
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-27644
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.6
impactScore:	3.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // JVNDB: JVNDB-2022-021795 // CNNVD: CNNVD-202203-2057 // NVD: CVE-2022-27644 // NVD: CVE-2022-27644

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-021795 // NVD: CVE-2022-27644

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202203-2057

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202203-2057

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324	Trust: 0.7
title:	Patch for NETGEAR R6700v3 Trust Management Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/713021	Trust: 0.6
title:	NETGEAR R6700v3 Repair measures for trust management problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=232029	Trust: 0.6

sources: ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // CNNVD: CNNVD-202203-2057

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27644	Trust: 4.6
db:	ZDI	id:	ZDI-22-520	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-021795	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15797	Trust: 0.7
db:	CNVD	id:	CNVD-2025-17533	Trust: 0.6
db:	CS-HELP	id:	SB2022032410	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-2057	Trust: 0.6
db:	VULMON	id:	CVE-2022-27644	Trust: 0.1

sources: ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // VULMON: CVE-2022-27644 // JVNDB: JVNDB-2022-021795 // CNNVD: CNNVD-202203-2057 // NVD: CVE-2022-27644

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-22-520/	Trust: 3.8
url:	https://kb.netgear.com/000064721/security-advisory-for-multiple-vulnerabilities-on-multiple-products-psv-2021-0324	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27644	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27644/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032410	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: ZDI: ZDI-22-520 // CNVD: CNVD-2025-17533 // VULMON: CVE-2022-27644 // JVNDB: JVNDB-2022-021795 // CNNVD: CNNVD-202203-2057 // NVD: CVE-2022-27644

CREDITS

Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv

Trust: 1.3

sources: ZDI: ZDI-22-520 // CNNVD: CNNVD-202203-2057

SOURCES

db:	ZDI	id:	ZDI-22-520
db:	CNVD	id:	CNVD-2025-17533
db:	VULMON	id:	CVE-2022-27644
db:	JVNDB	id:	JVNDB-2022-021795
db:	CNNVD	id:	CNNVD-202203-2057
db:	NVD	id:	CVE-2022-27644

LAST UPDATE DATE

2025-08-06T22:55:28.085000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-520	date:	2022-03-23T00:00:00
db:	CNVD	id:	CNVD-2025-17533	date:	2025-08-05T00:00:00
db:	VULMON	id:	CVE-2022-27644	date:	2023-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-021795	date:	2023-11-14T04:15:00
db:	CNNVD	id:	CNNVD-202203-2057	date:	2023-04-06T00:00:00
db:	NVD	id:	CVE-2022-27644	date:	2023-04-05T15:22:23.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-520	date:	2022-03-23T00:00:00
db:	CNVD	id:	CNVD-2025-17533	date:	2025-07-29T00:00:00
db:	VULMON	id:	CVE-2022-27644	date:	2023-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-021795	date:	2023-11-14T00:00:00
db:	CNNVD	id:	CNNVD-202203-2057	date:	2022-03-23T00:00:00
db:	NVD	id:	CVE-2022-27644	date:	2023-03-29T19:15:08.563