Vulnerabilites related to Netcomm - NL1902
cve-2022-4873
Vulnerability from cvelistv5
Published
2023-01-11 20:39
Modified
2025-04-09 14:10
Severity ?
EPSS score ?
Summary
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-4873", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-09T14:10:05.519246Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-09T14:10:34.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "NF20", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NF20MESH", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NL1902", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, ], descriptions: [ { lang: "en", value: "On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T20:39:53.548Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], source: { discovery: "UNKNOWN", }, title: "Stack based overflow on Netcomm router models NF20MESH, NF20, and NL1902", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api//cve/CVE-2022-4873", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4873", datePublished: "2023-01-11T20:39:53.548Z", dateReserved: "2023-01-04T14:15:10.778Z", dateUpdated: "2025-04-09T14:10:34.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4874
Vulnerability from cvelistv5
Published
2023-01-11 20:39
Modified
2025-04-09 14:14
Severity ?
EPSS score ?
Summary
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.021Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-4874", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-09T14:13:36.023102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-09T14:14:13.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "NF20", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NF20MESH", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NL1902", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, ], descriptions: [ { lang: "en", value: "Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a \"fake login\" to give the request an active session to load the file and not redirect to the login page.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-288", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T20:39:25.219Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], source: { discovery: "UNKNOWN", }, title: "Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api//cve/CVE-2022-4874", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4874", datePublished: "2023-01-11T20:39:25.219Z", dateReserved: "2023-01-04T14:23:54.409Z", dateUpdated: "2025-04-09T14:14:13.898Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }