Login Sign Up

CVE-2022-27644

8.8 HIGH
Remote Code Execution

📋 TL;DR

CVE-2022-27644 is a certificate validation vulnerability in NETGEAR R6700v3 routers that allows network-adjacent attackers to intercept HTTPS downloads. This can lead to arbitrary code execution as root when combined with other vulnerabilities. Affected users are those with vulnerable NETGEAR router installations.

💻 Affected Systems

Products:
  • NETGEAR R6700v3
Versions: 1.0.4.120_10.0.91 and earlier
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects R6700v3 model, not other R6700 variants. Authentication not required for exploitation.

📦 What is this software?

Cbr40 Firmware by Netgear

View all CVEs affecting Cbr40 Firmware →

Lbr1020 Firmware by Netgear

View all CVEs affecting Lbr1020 Firmware →

Lbr20 Firmware by Netgear

View all CVEs affecting Lbr20 Firmware →

R6400 Firmware by Netgear

View all CVEs affecting R6400 Firmware →

R6700 Firmware by Netgear

View all CVEs affecting R6700 Firmware →

R6900p Firmware by Netgear

View all CVEs affecting R6900p Firmware →

R7000 Firmware by Netgear

View all CVEs affecting R7000 Firmware →

R7000p Firmware by Netgear

View all CVEs affecting R7000p Firmware →

R7850 Firmware by Netgear

View all CVEs affecting R7850 Firmware →

R7960p Firmware by Netgear

View all CVEs affecting R7960p Firmware →

R8000 Firmware by Netgear

View all CVEs affecting R8000 Firmware →

R8000p Firmware by Netgear

View all CVEs affecting R8000p Firmware →

Rax200 Firmware by Netgear

View all CVEs affecting Rax200 Firmware →

Rax75 Firmware by Netgear

View all CVEs affecting Rax75 Firmware →

Rax80 Firmware by Netgear

View all CVEs affecting Rax80 Firmware →

Rbr10 Firmware by Netgear

View all CVEs affecting Rbr10 Firmware →

Rbr20 Firmware by Netgear

View all CVEs affecting Rbr20 Firmware →

Rbr40 Firmware by Netgear

View all CVEs affecting Rbr40 Firmware →

Rbr50 Firmware by Netgear

View all CVEs affecting Rbr50 Firmware →

Rbs10 Firmware by Netgear

View all CVEs affecting Rbs10 Firmware →

Rbs20 Firmware by Netgear

View all CVEs affecting Rbs20 Firmware →

Rbs40 Firmware by Netgear

View all CVEs affecting Rbs40 Firmware →

Rbs50 Firmware by Netgear

View all CVEs affecting Rbs50 Firmware →

Rs400 Firmware by Netgear

View all CVEs affecting Rs400 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers on the same network can intercept HTTPS traffic, inject malicious files, and achieve remote code execution with root privileges, potentially taking full control of the router.

🟠

Likely Case

Attackers intercepting router update traffic or other HTTPS downloads to deliver malicious payloads, leading to router compromise and network infiltration.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the router itself rather than the entire network.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires network adjacency and combination with other vulnerabilities for full code execution. ZDI-CAN-15797 reference suggests detailed research exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4.122_10.0.92 or later

Vendor Advisory: https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install latest firmware. 4. Reboot router after update completes.

🔧 Temporary Workarounds

Disable remote management

all

Prevents external exploitation attempts by disabling remote administration features

Network segmentation

all

Isolate router management interface from general user network

🧯 If You Can't Patch

  • Replace router with non-vulnerable model
  • Implement strict network access controls to limit who can access router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under Advanced > Administration > Firmware Update

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Confirm firmware version is 1.0.4.122_10.0.92 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTPS download failures
  • Unexpected firmware update attempts
  • Certificate validation errors in router logs

Network Indicators:

  • Man-in-the-middle attacks targeting router HTTPS traffic
  • Unusual ARP or DNS spoofing activity near router

SIEM Query:

Not applicable for typical home router deployments

📊 Metadata

CVE ID: CVE-2022-27644
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-295
Published: March 29, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-27644, you might also want to check these:

CVE-2025-68121 10.0

This vulnerability in Go's crypto/tls package allows TLS session resumption to succeed when it shoul...

Same vulnerability type (CWE-295)
CVE-2024-5261 9.8

LibreOfficeKit mode in LibreOffice versions before 24.2.4 disables TLS certificate verification when...

Same vulnerability type (CWE-295)
CVE-2023-51837 9.8

MeshCentral 1.1.16 fails to properly validate SSL certificates when establishing connections, allowi...

Same vulnerability type (CWE-295)