Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)
Two vulnerabilities found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there's a public PoC chaining them, CERT/CC has warned.
CVE-2022-4874 is an authentication bypass flaw, and CVE-2022-4873 is a stack-based buffer overflow vulnerability that allows attackers to crash the application at a known location and exploit that to execute code on a vulnerable device.
The vulnerabilities affect NetComm router models NF20MESH, NF20, and NL1902 that are running software versions earlier than R6B025.
According to the vendor, the flaws were found in a Broadcom chipset that had third-party code added by Shenzhen Gongjin Electronics and, they fear, this means that other vendors' devices may also be affected by them.
Broadcom confirmed that the vulnerabilities do not exist in the Broadcom SDK code.
The vulnerabilities were discovered and reported by security researcher Brendan Scarvell, who recently disclosed more details about his research, as well as a PoC exploit chaining the two vulnerabilities.
News URL
https://www.helpnetsecurity.com/2023/01/18/cve-2022-4873-cve-2022-4874/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-11 | CVE-2022-4874 | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware. Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
2023-01-11 | CVE-2022-4873 | Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware. On Netcomm router models NF20MESH, NF20, and NL1902 a stack-based buffer overflow affects the sessionKey parameter. | 9.8 |