Vulnerability Description
An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Winaprs | Winaprs | 2.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/Coalfire-Research/WinAPRS-ExploitsExploitThird Party Advisory
- https://news.ycombinator.com/item?id=31571476Issue TrackingThird Party Advisory
- https://winaprs.com/Vendor Advisory
- https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1ExploitThird Party Advisory
- https://github.com/Coalfire-Research/WinAPRS-ExploitsExploitThird Party Advisory
- https://news.ycombinator.com/item?id=31571476Issue TrackingThird Party Advisory
- https://winaprs.com/Vendor Advisory
- https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1ExploitThird Party Advisory
FAQ
What is CVE-2022-24702?
CVE-2022-24702 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This...
How severe is CVE-2022-24702?
CVE-2022-24702 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24702?
Check the references section above for vendor advisories and patch information. Affected products include: Winaprs Winaprs.