VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 18, 2025

CVE-2022-27646

CVE-2022-27646

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in the circled daemon of NETGEAR R6700v3 routers allows authenticated attackers to execute arbitrary code as root.

Vulnerability

A stack-based buffer overflow exists in the circled daemon of NETGEAR R6700v3 routers running firmware version 1.0.4.120_10.0.91. The vulnerability is triggered when a specially crafted circleinfo.txt file is processed, overflowing a fixed-length stack buffer. While authentication is required to reach the vulnerable code path, the authentication mechanism can be bypassed. This issue is also identified as ZDI-CAN-15879 [1][2].

Exploitation

An attacker must be network-adjacent and able to authenticate to the router, though authentication can be bypassed. The attacker supplies a malicious circleinfo.txt file to the circled daemon, which then overflows the stack buffer. This allows overwriting of return addresses and other critical stack data. The exploit does not require user interaction beyond the initial authentication [2].

Impact

Successful exploitation enables arbitrary code execution in the context of the root user. This gives the attacker full control over the affected router, allowing them to read, modify, or delete any data, install persistent malware, or pivot to other devices on the network [2].

Mitigation

NETGEAR released firmware version 1.0.4.126 for the R6700v3 to fix this vulnerability, as noted in the security advisory PSV-2021-0324 [1]. Users should update immediately. No workaround is available, and the router is not known to be on the CISA KEV list [1][2].

References
  1. Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0324
  2. ZDI-22-523

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Netgear/R6700v3llm-fuzzy
    Range: = 1.0.4.120_10.0.91
  • NETGEAR/R6700v3v5
    Range: 1.0.4.120_10.0.91

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.