CVE-2022-1669

HIGH Year: 2022
CVSS v3 Score
8.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-121
View all →

Vulnerability Description

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.

Related Vulnerabilities

CVE-2019-19333

HIGH
CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus...

CWE-1212019

CVE-2019-19334

HIGH
CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse...

CWE-1212019

CVE-2020-15636

HIGH
CVSS:8.1(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0...

CWE-1212020

CVE-2020-25854

HIGH
CVSS:8.1(High)

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt...

CWE-1212020

CVE-2020-25855

HIGH
CVSS:8.1(High)

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, result...

CWE-1212020

CVE-2020-25856

HIGH
CVSS:8.1(High)

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operatio...

CWE-1212020