Security News > 2023 > January > Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution.
The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.
"The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center said in an advisory published Tuesday.
Security researcher Brendan Scarvell has been credited with discovering and reporting the issues in October 2022.
In a related development, CERT/CC also detailed two unpatched security vulnerabilities affecting TP-Link routers WR710N-V1-151022 and Archer-C5-V2-160201 that could lead to information disclosure and remote code execution.
Microsoft researcher James Hull has been acknowledged for disclosing the two bugs.
News URL
https://thehackernews.com/2023/01/critical-security-vulnerabilities.html
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-11 | CVE-2022-4874 | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
2023-01-11 | CVE-2022-4873 | Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. | 9.8 |