CVE-2021-27643: 
SAP 3D Visual Enterprise Viewer vulnerability analysis and mitigation

A buffer overflow vulnerability was identified in NETGEAR R6700v3 router version 1.0.4.120_10.0.91. The vulnerability, tracked as CVE-2022-27643 (also known as ZDI-CAN-15692), was discovered by Stephen Fewer of Relyze Software Limited and reported to NETGEAR on December 3, 2021, with public disclosure on March 23, 2022 (ZDI Advisory).

The vulnerability exists within the handling of SOAP requests in the router's UPNPD service. The specific flaw occurs when parsing the SOAPAction header, where the process fails to properly validate the length of user-supplied data before copying it to a buffer. The vulnerability has been assigned a CVSS score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity (ZDI Advisory).

When successfully exploited, this vulnerability allows network-adjacent attackers to execute arbitrary code on affected NETGEAR R6700v3 routers. The code execution occurs in the context of root, giving attackers the highest level of system privileges. No authentication is required to exploit this vulnerability, making it particularly dangerous (CVE Details).

NETGEAR has released a security update to address this vulnerability. Users are advised to apply the latest firmware update available through the NETGEAR knowledge base (NETGEAR Advisory).