1. Home
  2. CVE Database
  3. CVE-2022-46143
LOW · 2.7

CVE-2022-46143

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

Vulnerability Description

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SiemensRuggedcom Rm1224 Lte\(4G\) Eu FirmwareAll versions
SiemensRuggedcom Rm1224 Lte\(4G\) Eu-
SiemensRuggedcom Rm1224 Lte\(4G\) Nam FirmwareAll versions
SiemensRuggedcom Rm1224 Lte\(4G\) Nam-
SiemensScalance M804Pb FirmwareAll versions
SiemensScalance M804Pb-
SiemensScalance M812-1 Adsl-Router FirmwareAll versions
SiemensScalance M812-1 Adsl-Router-
SiemensScalance M816-1 Adsl-Router FirmwareAll versions
SiemensScalance M816-1 Adsl-Router-
SiemensScalance M826-2 Shdsl-Router FirmwareAll versions
SiemensScalance M826-2 Shdsl-Router-
SiemensScalance M874-2 FirmwareAll versions
SiemensScalance M874-2-
SiemensScalance M874-3 FirmwareAll versions
SiemensScalance M874-3-
SiemensScalance M876-3 FirmwareAll versions
SiemensScalance M876-3-
SiemensScalance M876-4 FirmwareAll versions
SiemensScalance M876-4-

Related Weaknesses (CWE)

CWE-1284

References

FAQ

What is CVE-2022-46143?

CVE-2022-46143 is a vulnerability with a CVSS score of 2.7 (LOW). Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

How severe is CVE-2022-46143?

CVE-2022-46143 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46143?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rm1224 Lte\(4G\) Eu Firmware, Siemens Ruggedcom Rm1224 Lte\(4G\) Eu, Siemens Ruggedcom Rm1224 Lte\(4G\) Nam Firmware, Siemens Ruggedcom Rm1224 Lte\(4G\) Nam, Siemens Scalance M804Pb Firmware.