NETGEAR R6700v3 code execution |

May 14, 2022

NAME

NETGEAR R6700v3 code execution

  • Platforms Affected:
    NETGEAR R6700v3
  • Risk Level:
    8.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

NETGEAR R6700v3 could allow a remote attacker to execute arbitrary code on the system, caused by the use of an outdated version of Netatalk containing known vulnerabilities. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to NETGEAR Security Advisory: PSV-2021-0321 for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://www.zerodayinitiative.com/advisories/ZDI-22-758/
  • Reference Link:
    https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

CISA Logo

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

November 22, 2024
CISA Logo

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

November 22, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

November 22, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

November 22, 2024
CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

November 22, 2024