Security News > 2023 > January > Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)
Two vulnerabilities found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there's a public PoC chaining them, CERT/CC has warned.
CVE-2022-4874 is an authentication bypass flaw and CVE-2022-4873 is a stack based buffer overflow vulnerability that allows attackers to crash the application at a known location and exploit that to execute code on a vulnerable device.
The vulnerabilities affect NetComm router models NF20MESH, NF20, and NL1902 that are running software versions earlier than R6B025.
According to the vendor, the flaws were found in a Broadcom chipset that had third-party code added by Shenzhen Gongjin Electronics and, they fear, this means that other vendors' devices may also be affected by them.
Broadcom confirmed that the vulnerabilities do not exist in the Broadcom SDK code.
The vulnerabilities have been discovered and reported by security researcher Brendan Scarvell, who recently disclosed more details about his research, as well as a PoC exploit chaining the two vulnerabilities.
News URL
https://www.helpnetsecurity.com/2023/01/18/cve-2022-4873-cve-2022-4874/
Related news
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2022-4874 | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
| 2023-01-11 | CVE-2022-4873 | Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. | 9.8 |