Bugscale Team

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR R6400 versions (affected versions not specified) NETGEAR R6400v2 versions (affected versions not specified) NETGEAR R6900P versions (affected versions not specified) NETGEAR R7000 versions (affected versions not specified) NETGEAR R7000P versions (affected versions not specified) NETGEAR R8500 versions (affected versions not specified) NETGEAR RAX15 versions (affected versions not specified) NETGEAR RAX20 versions (affected versions not specified) NETGEAR RAX35v2 versions (affected versions not specified) NETGEAR RAX38v2 versions (affected versions not specified) NETGEAR RAX40v2 versions (affected versions not specified) NETGEAR RAX42 versions (affected versions not specified) NETGEAR RAX43 versions (affected versions not specified) NETGEAR RAX45 versions (affected versions not specified) NETGEAR RAX48 versions (affected versions not specified) NETGEAR RAX50 versions (affected versions not specified) NETGEAR RAX50S versions (affected versions not specified) NETGEAR RS400 versions (affected versions not specified) NETGEAR R7100LG versions (affected versions not specified) NETGEAR LAX20 versions (affected versions not specified) NETGEAR CAX80 versions (affected versions not specified) NETGEAR MR80 versions (affected versions not specified) NETGEAR MS80 versions (affected versions not specified) **Description** This issue allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR routers. The specific flaw exists within the httpd service, resulting from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other issues to execute code in the context of root. The vulnerability is related to bypassing authentication via an alternative name. **Recommendations** For NETGEAR R6700v3 version 1.0.4.120 10.0.91, consider disabling the httpd service until a patch is available. For other affected NETGEAR devices, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R6400 version not specified NETGEAR R6400v2 version not specified NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR R6900P version not specified NETGEAR R7000 version not specified NETGEAR R7000P version not specified NETGEAR R8500 version not specified NETGEAR RAX15 version not specified NETGEAR RAX20 version not specified NETGEAR RAX35v2 version not specified NETGEAR RAX38v2 version not specified NETGEAR RAX40v2 version not specified NETGEAR RAX42 version not specified NETGEAR RAX43 version not specified NETGEAR RAX45 version not specified NETGEAR RAX48 version not specified NETGEAR RAX50 version not specified NETGEAR RAX50S version not specified NETGEAR RS400 version not specified NETGEAR R7100LG version not specified NETGEAR LAX20 version not specified NETGEAR CAX80 version not specified NETGEAR MR80 version not specified NETGEAR MS80 version not specified **Description** The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary code. The specific flaw exists within the handling of the `name` or `email` field provided to `libreadycloud.so`, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of `root`. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.