CVE-2022-27255

Published: Aug 1, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.

Affected (2)

Products: Realtek: Ecos Rsdk Firmware, Ecos Msdk Firmware

2 products

Ecos Rsdk Firmware

Ecos Msdk Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Ecos Rsdk Firmware	Version 1.5.7p1

Running on/with	Platform Versions
Realtek Ecos Rsdk	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Ecos Msdk Firmware	Version 4.9.4p1

Running on/with	Platform Versions
Realtek Ecos Msdk	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://forum.defcon.org/node/241835

Source: cve@mitre.org

Third Party Advisory

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf

Source: cve@mitre.org

Vendor Advisory

https://forum.defcon.org/node/241835

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.