PT-2021-6481 · NetGear · Netgear Rax15+20
Bugscale Team · Published 2021-12-01 · Updated 2023-04-06 · CVE-2022-27647
CVSS v3.1: 8.0 High
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NETGEAR R6400 version not specified
NETGEAR R6400v2 version not specified
NETGEAR R6700v3 version 1.0.4.120 10.0.91
NETGEAR R6900P version not specified
NETGEAR R7000 version not specified
NETGEAR R7000P version not specified
NETGEAR R8500 version not specified
NETGEAR RAX15 version not specified
NETGEAR RAX20 version not specified
NETGEAR RAX35v2 version not specified
NETGEAR RAX38v2 version not specified
NETGEAR RAX40v2 version not specified
NETGEAR RAX42 version not specified
NETGEAR RAX43 version not specified
NETGEAR RAX45 version not specified
NETGEAR RAX48 version not specified
NETGEAR RAX50 version not specified
NETGEAR RAX50S version not specified
NETGEAR RS400 version not specified
NETGEAR R7100LG version not specified
NETGEAR LAX20 version not specified
NETGEAR CAX80 version not specified
NETGEAR MR80 version not specified
NETGEAR MS80 version not specified
Description
The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary code. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
OS Command Injection
RCE
Affected Products
Netgear Rax80
Netgear Rax20
Netgear Ms80
Netgear R6400
Netgear R6400V2
Netgear R6700V3
Netgear R6900P
Netgear R7000
Netgear R7000P
Netgear R7100Lg
Netgear R8500
Netgear Rax15
Netgear Rax35V2
Netgear Rax38V2
Netgear Rax40V2
Netgear Rax42
Netgear Rax43
Netgear Rax45
Netgear Rax48
Netgear Rax50
Netgear Rs400