CVE-2022-27641

Name of the Vulnerable Software and Affected Versions NETGEAR R6700v3 version 1.0.4.120 10.0.91 NETGEAR D7800 (affected versions not specified) NETGEAR R6220 (affected versions not specified) NETGEAR R6230 (affected versions not specified) NETGEAR R6400v2 (affected versions not specified) NETGEAR R7000 (affected versions not specified) NETGEAR R7800 (affected versions not specified)

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR routers. Authentication is not required to exploit this issue. The specific flaw exists within the NetUSB module, resulting from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of root. The exploitation can occur via port 20005.

Recommendations For NETGEAR R6700v3 version 1.0.4.120 10.0.91, consider disabling the NetUSB module until a patch is available. For NETGEAR D7800, NETGEAR R6220, NETGEAR R6230, NETGEAR R6400v2, NETGEAR R7000, and NETGEAR R7800, at the moment, there is no information about a newer version that contains a fix for this issue.