How severe is CVE-2022-27646?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2022-27646?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2022-27646 - HIGH Severity | CVSS 8

Vulnerability Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Related Vulnerabilities

CVE-2021-22673

HIGH

CVSS:8.0(High)

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the Simple...

CWE-1212021

CVE-2021-27246

HIGH

CVSS:8.0(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vuln...

CWE-1212021

CVE-2021-44158

HIGH

CVSS:8.0(High)

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code ex...

CWE-1212021

CVE-2022-20703

HIGH

CVSS:8.0(High)

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb...

CWE-1212022

CVE-2022-20708

HIGH

CVSS:8.0(High)

CWE-1212022

CVE-2023-24334

HIGH

CVSS:8.0(High)

A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.

CWE-1212023