VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 18, 2025

CVE-2022-27647

CVE-2022-27647

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR R6700v3 contains a command injection in libreadycloud.so, letting an authenticated network-adjacent attacker execute arbitrary commands as root.

Vulnerability

CVE-2022-27647 is a command injection vulnerability in the libreadycloud.so library of NETGEAR R6700v3 routers running firmware version 1.0.4.120_10.0.91. The flaw exists when the router processes the name or email field, failing to properly validate a user-supplied string before using it in a system call. An attacker must have valid router credentials, but authentication can be bypassed [1][2].

Exploitation

The attacker must be on the same WiFi network (or have an Ethernet connection) and able to authenticate to the router. Once authenticated, the attacker sends a crafted request to the affected service that includes a malicious payload in the name or email field. The lack of input validation allows the payload to be passed directly to a system call, resulting in command execution [2].

Impact

A successful exploit allows the attacker to execute arbitrary commands with root privileges on the router. This leads to a full compromise of the device, including complete control over network traffic, data exfiltration, and the ability to pivot to other devices on the network [1][2].

Mitigation

NETGEAR released firmware version 1.0.4.126 to fix this vulnerability on the R6700v3. Users should update to the latest firmware via the router web interface or NETGEAR support page [1]. No workaround is available, and the vulnerability is not listed in CISA KEV.

References
  1. Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327
  2. ZDI-22-524

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Netgear/R6700v3llm-fuzzy
    Range: = 1.0.4.120_10.0.91
  • NETGEAR/R6700v3v5
    Range: 1.0.4.120_10.0.91

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.