Vulnerabilites related to netcommwireless - nl1902_firmware
cve-2022-4874
Vulnerability from cvelistv5
Published
2023-01-11 20:39
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.021Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NF20", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NF20MESH", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NL1902", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, ], descriptions: [ { lang: "en", value: "Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a \"fake login\" to give the request an active session to load the file and not redirect to the login page.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-288", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T20:39:25.219Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], source: { discovery: "UNKNOWN", }, title: "Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api//cve/CVE-2022-4874", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4874", datePublished: "2023-01-11T20:39:25.219Z", dateReserved: "2023-01-04T14:23:54.409Z", dateUpdated: "2024-08-03T01:55:46.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4873
Vulnerability from cvelistv5
Published
2023-01-11 20:39
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NF20", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NF20MESH", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, { product: "NL1902", vendor: "Netcomm", versions: [ { status: "affected", version: "R6B025", }, ], }, ], descriptions: [ { lang: "en", value: "On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T20:39:53.548Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], source: { discovery: "UNKNOWN", }, title: "Stack based overflow on Netcomm router models NF20MESH, NF20, and NL1902", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api//cve/CVE-2022-4873", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4873", datePublished: "2023-01-11T20:39:53.548Z", dateReserved: "2023-01-04T14:15:10.778Z", dateUpdated: "2024-08-03T01:55:45.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-01-11 21:15
Modified
2024-11-21 07:36
Severity ?
Summary
Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcommwireless | nf20_firmware | * | |
| netcommwireless | nf20 | - | |
| netcommwireless | nf20mesh_firmware | * | |
| netcommwireless | nf20mesh | - | |
| netcommwireless | nl1902_firmware | * | |
| netcommwireless | nl1902 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nf20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "447DAC30-D02D-43A7-9C11-9B29D3AE6292", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:*", matchCriteriaId: "C9BF282B-6B02-492D-A248-80D6C5DD0B50", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nf20mesh_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "492B3CE0-A18A-4D6E-A20F-5CD00D8FC234", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:*", matchCriteriaId: "79CF62CC-4353-4090-8D85-5F8126A029EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nl1902_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "131C4DCD-D115-40AE-A53D-2C3B4799CBD5", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:*", matchCriteriaId: "B02578F1-96D9-4A0C-A27E-F08518A7CA55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a \"fake login\" to give the request an active session to load the file and not redirect to the login page.", }, { lang: "es", value: "La omisión de autenticación en los modelos de router Netcomm NF20MESH, NF20 y NL1902 permite que un usuario no autenticado acceda al contenido. Para ofrecer contenido estático, la aplicación verifica la existencia de caracteres específicos en la URL (.css, .png, etc.). Si existe, realiza un \"inicio de sesión falso\" para darle a la solicitud una sesión activa para cargar el archivo y no redirigir a la página de inicio de sesión.", }, ], id: "CVE-2022-4874", lastModified: "2024-11-21T07:36:06.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T21:15:10.373", references: [ { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-11 21:15
Modified
2024-11-21 07:36
Severity ?
Summary
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcommwireless | nf20_firmware | * | |
| netcommwireless | nf20 | - | |
| netcommwireless | nf20mesh_firmware | * | |
| netcommwireless | nf20mesh | - | |
| netcommwireless | nl1902_firmware | * | |
| netcommwireless | nl1902 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nf20_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "447DAC30-D02D-43A7-9C11-9B29D3AE6292", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nf20:-:*:*:*:*:*:*:*", matchCriteriaId: "C9BF282B-6B02-492D-A248-80D6C5DD0B50", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nf20mesh_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "492B3CE0-A18A-4D6E-A20F-5CD00D8FC234", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nf20mesh:-:*:*:*:*:*:*:*", matchCriteriaId: "79CF62CC-4353-4090-8D85-5F8126A029EB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netcommwireless:nl1902_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "131C4DCD-D115-40AE-A53D-2C3B4799CBD5", versionEndExcluding: "r6b025", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netcommwireless:nl1902:-:*:*:*:*:*:*:*", matchCriteriaId: "B02578F1-96D9-4A0C-A27E-F08518A7CA55", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.", }, { lang: "es", value: "En los modelos de router Netcomm NF20MESH, NF20 y NL1902, un desbordamiento del búfer basado en pila afecta el parámetro sessionKey. Al proporcionar una cantidad específica de bytes, el puntero de instrucción puede sobrescribirse en la pila y bloquear la aplicación en una ubicación conocida.", }, ], id: "CVE-2022-4873", lastModified: "2024-11-21T07:36:06.860", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T21:15:10.307", references: [ { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }