Vulnerability Description
The Realtek USB driver has a buffer overflow vulnerability caused by insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
CVSS Score
6.2 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Realtek | Rtl8156 Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8156 | - |
| Realtek | Rtl8156B Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8156B | - |
| Realtek | Rtl8153 Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8153 | - |
| Realtek | Rtl8153B Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8153B | - |
| Realtek | Rtl8154 Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8154 | - |
| Realtek | Rtl8154B Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8154B | - |
| Realtek | Rtl8152B Firmware | >= 7.42, <= 7.53 |
| Realtek | Rtl8152B | - |
Related Weaknesses (CWE)
References
- https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html (Third Party Advisory)
FAQ
What is CVE-2022-21742?
CVE-2022-21742 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The Realtek USB driver has a buffer overflow vulnerability caused by insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt ...
How severe is CVE-2022-21742?
CVE-2022-21742 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-21742?
Check the references section above for vendor advisories and patch information. Affected products include: Realtek Rtl8156 Firmware, Realtek Rtl8156, Realtek Rtl8156B Firmware, Realtek Rtl8156B, Realtek Rtl8153 Firmware.