CVE-2022-21742

EPSS 0.11%
Published 20.06.2022 06:15:08
Last modified 21.11.2024 06:45:21
Source twcert@cert.org.tw
Teams watchlist Login
Open Login

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Realtek ≫ Rtl8156 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8156b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8156b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8153 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8153b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8153b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8154 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8154b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8154b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8152b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8152b Version-

Realtek ≫ Rtl8152b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8152b Version-

Realtek ≫ Rtl8152b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8152b Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.303

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P
twcert@cert.org.tw	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-21742

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21742

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21742

EUVD