How severe is CVE-2022-27644?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2022-27644?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2022-27644 - MEDIUM Severity | CVSS 5

Vulnerability Description

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Related Vulnerabilities

CVE-2005-3170

MEDIUM

CVSS:5.0(Medium)

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which cou...

CWE-2952005

CVE-2017-18918

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

CWE-2952017

CVE-2020-12143

MEDIUM

CVSS:4.9(Medium)

The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.

CWE-2952020

CVE-2020-12144

MEDIUM

CVSS:4.9(Medium)

The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted...

CWE-2952020

CVE-2024-31955

MEDIUM

CVSS:4.9(Medium)

An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RP...

CWE-2952024

CVE-2017-2387

MEDIUM

CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017