CVE-2022-4873
published 2023-01-11

Priority: P260
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW: Exploited in the wild
EPSS: 7.17% (93.5th percentile)

On Netcomm router models NF20MESH, NF20, and NL1902, a stack-based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer on the stack can be overwritten, crashing the application at a known location.

Affected

6 ranges
Vendor           Product            Version range  Fixed in
netcomm          nf20
netcomm          nf20mesh
netcomm          nl1902
netcommwireless  nf20_firmware      < r6b025       r6b025
netcommwireless  nf20mesh_firmware  < r6b025       r6b025
netcommwireless  nl1902_firmware    < r6b025       r6b025