CVE-2022-27645

Name: CVE-2022-27645
Creator: NVD / NIST
Published: 2023-03-29T19:15:08.637+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 1.28%

Last modified Jun 17, 2026

CVE-2022-27645 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. EPSS estimates a 1.28% chance of exploitation in the next 30 days.

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.28%

66.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Netgear	Lax20 Firmware	< 1.1.6.34
Netgear	R6400 Firmware	< 1.0.4.126
Netgear	R6700 Firmware	< 1.0.4.126
Netgear	R7000 Firmware	< 1.0.11.134
Netgear	R7850 Firmware	< 1.0.5.84
Netgear	R7900p Firmware	< 1.4.3.88
Netgear	R7960p Firmware	< 1.4.3.88
Netgear	R8000 Firmware	< 1.0.4.84
Netgear	R8000p Firmware	< 1.4.3.88
Netgear	R8500 Firmware	< 1.0.2.158
Netgear	Rax15 Firmware	< 1.0.10.110
Netgear	Rax20 Firmware	< 1.0.10.110
Netgear	Rax200 Firmware	< 1.0.6.138
Netgear	Rax35 Firmware	< 1.0.10.110
Netgear	Rax38 Firmware	< 1.0.10.110
Netgear	Rax40 Firmware	< 1.0.10.110
Netgear	Rax42 Firmware	< 1.0.10.110
Netgear	Rax43 Firmware	< 1.0.10.110
Netgear	Rax45 Firmware	< 1.0.10.110
Netgear	Rax48 Firmware	< 1.0.10.110
Netgear	Rax50 Firmware	< 1.0.10.110
Netgear	Rax50s Firmware	< 1.0.10.110
Netgear	Rax75 Firmware	< 1.0.6.138

References

https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/Third Party Advisory, VDB Entry
https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-522/Third Party Advisory, VDB Entry

Timeline

Published: Mar 29, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-27645?

How severe is CVE-2022-27645?

CVE-2022-27645 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.

How do I fix CVE-2022-27645?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-27645?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST