Vulnerabilities > CVE-2022-4873 - Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

netcommwireless

CWE-787

critical

NVD

Published: 2023-01-11

Updated: 2023-11-07

Summary

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.

Vulnerable Configurations

Part	Description	Count
OS	Netcommwireless Netcommwireless Nf20 Firmware - Netcommwireless Nf20Mesh Firmware - Netcommwireless Nl1902 Firmware -	3
Hardware	Netcommwireless Netcommwireless Nf20 - Netcommwireless Nf20Mesh - Netcommwireless Nl1902 -	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References