Vulnerabilities > CVE-2022-3228 - Out-of-bounds Write vulnerability in Hosteng H0-Ecom100 Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

hosteng

CWE-787

NVD

Published: 2022-10-28

Updated: 2024-11-21

Summary

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.

Vulnerable Configurations

Part	Description	Count
OS	Hosteng Hosteng H0 Ecom100 Firmware - Hosteng H0 Ecom100 Firmware 4.0.348 Hosteng H0 Ecom100 Firmware 4.1.113 Hosteng H0 Ecom100 Firmware 5.0.149 Hosteng H0 Ecom100 Firmware 5.0.155	5
Hardware	Hosteng Hosteng H0 Ecom100 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References