7.8
CVE-2022-30426
- EPSS 0.15%
- Published 23.09.2022 00:15:09
- Last modified 27.05.2025 16:15:22
- Source cve@mitre.org
There is a stack buffer overflow vulnerability that could lead to arbitrary code execution in a UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0 and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
Data is provided by the National Vulnerability Database (NVD)
Acer ≫ Altos T110 F3 Firmware Version < p13
Acer ≫ Ap130 F2 Firmware Version < p04
Acer ≫ Aspire 1600x Firmware Version < p11.a3l
Acer ≫ Aspire 1602m Firmware Version < p11.a3l
Acer ≫ Aspire 7600u Firmware Version < p11.a4
Acer ≫ Aspire Mc605 Firmware Version < p11.a4l
Acer ≫ Aspire Tc-105 Firmware Version < p12.b0l
Acer ≫ Aspire Tc-120 Firmware Version < p11-a4
Acer ≫ Aspire U5-620 Firmware Version < p11.a1
Acer ≫ Aspire X1935 Firmware Version < p11.a3l
Acer ≫ Aspire X3475 Firmware Version < p11.a3l
Acer ≫ Aspire X3995 Firmware Version < p11.a3l
Acer ≫ Aspire Xc100 Firmware Version < p11.b3
Acer ≫ Aspire Xc600 Firmware Version < p11.a4
Acer ≫ Aspire Z3-615 Firmware Version < p11.a2l
Acer ≫ Veriton B630 49 Firmware Version < aap02sr
Acer ≫ Veriton E430g Firmware Version < p21.a1
Acer ≫ Veriton E430 Firmware Version < p11.a4
Acer ≫ Veriton M2110g Firmware Version < p21.a3
Acer ≫ Veriton M2120g Firmware Version < p11-a3
Acer ≫ Veriton M2611g Firmware Version < p11-b0l
Acer ≫ Veriton M2611 Firmware Version < p11.b0
Acer ≫ Veriton M4620 Firmware Version < p21.a3
Acer ≫ Veriton M4620g Firmware Version < p21.a3
Acer ≫ Veriton M6620g Firmware Version < p21.a0
Acer ≫ Veriton N2620g Firmware Version < p21.b0
Acer ≫ Veriton N4620g Firmware Version < p11.a2l
Acer ≫ Veriton N4630g Firmware Version < p21.b0
Acer ≫ Veriton S6620g Firmware Version < p11.a1
Acer ≫ Veriton X2611g Firmware Version < p11.a4
Acer ≫ Veriton X2611 Firmware Version < p11.a4
Acer ≫ Veriton X4620g Firmware Version < p11.a3
Acer ≫ Veriton X6620g Firmware Version < p11.a3
Acer ≫ Veriton Z2650g Firmware Version < p21.a1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.15% | 0.357 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.