VYPR
Unrated severity · NVD Advisory · Published Mar 29, 2023 · Updated Feb 18, 2025

CVE-2022-27644


Description

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2022-27644 is an improper certificate validation vulnerability in NETGEAR R6700v3 routers that allows network-adjacent attackers to compromise HTTPS downloads and potentially execute arbitrary code.

Vulnerability

The vulnerability exists in the HTTPS download functionality of NETGEAR R6700v3 routers running firmware version 1.0.4.120_10.0.91. The router fails to properly validate the certificate presented by the server during HTTPS downloads, allowing an attacker to present a fraudulent certificate. This compromises the integrity of downloaded files. [1][2]
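The flaw class described above, shown with Python's `ssl` module as an added example (not code from the advisory or from NETGEAR's firmware): a client context that skips certificate validation beside a hardened one, plus a guard that refuses to download through a context that does not validate. The function names and the URL are hypothetical.

```python
import ssl
import urllib.request


def weak_context() -> ssl.SSLContext:
    """Client context that accepts any server certificate (the flaw class)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain is never validated
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Client context that validates the chain and the host name."""
    # create_default_context() sets CERT_REQUIRED, check_hostname=True
    # and loads the system trust store.
    return ssl.create_default_context()


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the validation gaps found in a client TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked against the certificate")
    return findings


def safe_download(url: str, ctx: ssl.SSLContext) -> bytes:
    """Download over HTTPS only if the context enforces validation."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing non-HTTPS download")
    findings = audit_context(ctx)
    if findings:
        # Fail closed before any bytes are fetched.
        raise ValueError("unsafe TLS context: " + "; ".join(findings))
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return resp.read()


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "ok")
```
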

Exploitation

An attacker must be network-adjacent (same local network) and does not require authentication. The attacker can perform a man-in-the-middle attack to intercept HTTPS connections and present a crafted certificate. This can be combined with other vulnerabilities to achieve code execution. [2]

Impact

Successful exploitation allows an attacker to compromise the integrity of downloaded information. By leveraging this flaw with other vulnerabilities, an attacker can execute arbitrary code in the context of root, gaining full control of the device. [2]

Mitigation

NETGEAR released firmware version 1.0.4.126 for the R6700v3 to fix this vulnerability. Users should update to the latest firmware as soon as possible. No workaround is available. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Netgear/R6700v3 (llm-fuzzy)
    Range: = 1.0.4.120_10.0.91
  • NETGEAR/R6700v3 (v5)
    Range: 1.0.4.120_10.0.91

Patches

0

No patches discovered yet.


References

2
