Vulnerability Description
On Netcomm router models NF20MESH, NF20, and NL1902, a stack-based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer on the stack can be overwritten, which crashes the application at a known location.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netcommwireless | Nf20 Firmware | < r6b025 |
| Netcommwireless | Nf20 | - |
| Netcommwireless | Nf20Mesh Firmware | < r6b025 |
| Netcommwireless | Nf20Mesh | - |
| Netcommwireless | Nl1902 Firmware | < r6b025 |
| Netcommwireless | Nl1902 | - |
Related Weaknesses (CWE)
References
- https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rc (Exploit, Third Party Advisory)
- https://www.kb.cert.org/vuls/id/986018
FAQ
What is CVE-2022-4873?
CVE-2022-4873 is a vulnerability with a CVSS score of 9.8 (CRITICAL). On Netcomm router models NF20MESH, NF20, and NL1902, a stack-based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overw...
How severe is CVE-2022-4873?
CVE-2022-4873 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-4873?
Check the references section above for vendor advisories and patch information. Affected products include: Netcommwireless Nf20 Firmware, Netcommwireless Nf20, Netcommwireless Nf20Mesh Firmware, Netcommwireless Nf20Mesh, Netcommwireless Nl1902 Firmware.