CVE-2022-4873 - On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessio

CVE-2022-4873

Summary

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.

References

https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md

Vulnerable Configurations

cpe:2.3:o:netcommwireless:nf20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netcommwireless:nf20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:*
cpe:2.3:o:netcommwireless:nf20mesh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netcommwireless:nf20mesh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:*
cpe:2.3:o:netcommwireless:nl1902_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netcommwireless:nl1902_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:*
cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

19-01-2023 - 18:01

Published

11-01-2023 - 21:15

Last modified

19-01-2023 - 18:01