VYPR
Unrated severity · NVD Advisory · Published Mar 29, 2023 · Updated Feb 18, 2025

CVE-2022-27645


Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Network-adjacent attackers can bypass authentication on NETGEAR R6700v3 routers via readycloud_control.cgi, leading to root-level code execution.

Vulnerability

CVE-2022-27645 is an authentication bypass vulnerability affecting the readycloud_control.cgi endpoint on NETGEAR R6700v3 routers running firmware versions prior to v1.0.4.126. The flaw allows a network-adjacent attacker to access functionality without any authentication, as the CGI script fails to verify user identity before processing requests [1][2].

Exploitation

An attacker with either the WiFi password or an Ethernet connection to the router can send crafted HTTP requests to the readycloud_control.cgi endpoint [1]. No user interaction or additional privileges are required. The attacker directly triggers the vulnerable code path by accessing the CGI interface [2].

Impact

Successful exploitation grants the attacker the ability to execute arbitrary code with root-level privileges on the router [2]. This leads to a full compromise of confidentiality, integrity, and availability of the affected device and potentially the network it manages.

Mitigation

NETGEAR released fixed firmware, version v1.0.4.126, for the R6700v3 to address this vulnerability [1]. Users should download and install the latest firmware as soon as possible. No workarounds are documented; upgrading to the patched version is the recommended mitigation [2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

2
