CVE-2022-4873
CVSS V2 None
CVSS V3 None
Description
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
Overview
- CVE ID
- CVE-2022-4873
- Assigner
- cret@cert.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-11T21:15:10
- Last Modified Date
- 2023-01-19T18:01:33
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:netcommwireless:nf20_firmware:*:*:*:*:*:*:*:* | 1 | OR | r6b025 | |
cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:netcommwireless:nf20mesh_firmware:*:*:*:*:*:*:*:* | 1 | OR | r6b025 | |
cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:netcommwireless:nl1902_firmware:*:*:*:*:*:*:*:* | 1 | OR | r6b025 | |
cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4873 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4873 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-01-12 05:18:01 | Added to TrackCVE | |||
2023-01-12 05:18:02 | Weakness Enumeration | new | ||
2023-01-12 14:15:16 | 2023-01-12T13:56:24 | CVE Modified Date | updated | |
2023-01-12 14:15:16 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-01-18 16:16:14 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-01-19 20:14:04 | 2023-01-19T18:01:33 | CVE Modified Date | updated | |
2023-01-19 20:14:04 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-01-19 20:14:06 | Weakness Enumeration | update | ||
2023-01-19 20:14:07 | CPE Information | updated |