CVE-2022-21742

Published: Jun 20, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Affected (21)

Products: Realtek: Rtl8156 Firmware, Rtl8156b Firmware, Rtl8153 Firmware, Rtl8153b Firmware, Rtl8154 Firmware, Rtl8154b Firmware, Rtl8152b Firmware

7 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8156 Firmware	From 10.28 to 10.50
Realtek Rtl8156 Firmware	From 7.42 to 7.53
Realtek Rtl8156 Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8156	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8156b Firmware	From 10.28 to 10.50
Realtek Rtl8156b Firmware	From 7.42 to 7.53
Realtek Rtl8156b Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8156b	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8153 Firmware	From 10.28 to 10.50
Realtek Rtl8153 Firmware	From 7.42 to 7.53
Realtek Rtl8153 Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8153	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8153b Firmware	From 10.28 to 10.50
Realtek Rtl8153b Firmware	From 7.42 to 7.53
Realtek Rtl8153b Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8153b	All versions

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8154 Firmware	From 10.28 to 10.50
Realtek Rtl8154 Firmware	From 7.42 to 7.53
Realtek Rtl8154 Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8154	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8154b Firmware	From 10.28 to 10.50
Realtek Rtl8154b Firmware	From 7.42 to 7.53
Realtek Rtl8154b Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8154b	All versions

Configuration G

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtl8152b Firmware	From 10.28 to 10.50
Realtek Rtl8152b Firmware	From 7.42 to 7.53
Realtek Rtl8152b Firmware	From 8.49 to 8.60

Running on/with	Platform Versions
Realtek Rtl8152b	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.