PT-2021-6477 · NetGear · Netgear Rax15+13

Xiaochen Zou +2 · Published 2021-12-01 · Updated 2023-04-28 · CVE-2022-27645

CVSS v3.1: 8.8 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR R6400v2 version not specified
NETGEAR R6700v3 version not specified
NETGEAR R7000 version not specified
NETGEAR R8500 version not specified
NETGEAR RAX15 version not specified
NETGEAR RAX20 version not specified
NETGEAR RAX35v2 version not specified
NETGEAR RAX38v2 version not specified
NETGEAR RAX40v2 version not specified
NETGEAR RAX42 version not specified
NETGEAR RAX43 version not specified
NETGEAR RAX45 version not specified
NETGEAR RAX48 version not specified
NETGEAR RAX50 version not specified
NETGEAR RAX50S version not specified
NETGEAR LAX20 version not specified

Description

This issue allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR routers. The specific flaw exists within the readycloud control.cgi file, resulting from the lack of authentication prior to allowing access to functionality. An attacker can leverage this issue to execute code in the context of root. The exploitation of this issue may allow a remote attacker to bypass authentication via an alternative name.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-01719
CVE-2022-27645
ZDI-22-522

Affected Products

Netgear Rax20
Netgear R6400V2
Netgear R6700V3
Netgear R7000
Netgear R8500
Netgear Rax15
Netgear Rax35V2
Netgear Rax38V2
Netgear Rax40V2
Netgear Rax42
Netgear Rax43
Netgear Rax45
Netgear Rax48
Netgear Rax50