[Nulled] » Information security » RCE vulnerabilities were discovered in TP-Link and NetComm routers.
January 23 2023

RCE vulnerabilities were discovered in TP-Link and NetComm routers.

RCE vulnerabilities were discovered in TP-Link and NetComm routers.

CVE-2022-4498 and CVE-2022-4499 affect TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO.

They were discovered by Microsoft researcher James Hull.

Errors allow attackers to execute code, cause device failures, or disclose login credentials.

The first problem is described as a heap overflow caused by specially created packets in basic HTTP authentication mode.

An attacker can use this error to cause DoS or RCE.

The second CVE-2022-4499 is related to the fact that the HTTPD function is subject to an attack via third-party channels, which allows an attacker to find out every byte of the username and password string.

TP-Link was notified of these shortcomings back in November 2022, but both problems remain fixed.

Two vulnerabilities affect NetComm routers NF20MESH, NF20 and NL1902.

The first CVE-2022-4873 is a buffer overflow that can cause the application to crash.

The second, CVE-2022-4874, is an authentication bypass leading to unauthorized access to content.

Chained vulnerabilities allow a remote attacker who has not been authenticated to execute arbitrary code. 

An attacker can first gain unauthorized access to vulnerable devices, and then use these entry points to gain access to other networks or compromise the availability, integrity or confidentiality of data transmitted from the internal network.

In December 2022, NetComm released firmware updates that fix the flaws.

Later in January 2023, the researcher who discovered them, Brendan Scarwell, published technical details, as well as a PoC exploit.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:28
  • Publication category(s): Information security
  • Number of views of the publication: 174
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security»,Protection and hacking
ReSolver researcher

CVE-2022-40602 is associated with hard-coded credentials by analogy with similar problems in Telnet in D-Link

Read more
23 January 2023
Information security
Git has fixed two

Git has fixed two critical vulnerabilities that could allow attackers to execute RCE after successfully exploiting

Read more
16 January 2023
Information security
The first January ICS

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric,

Read more
23 January 2023
Information security
The OpenText Enterprise

The OpenText Enterprise Content Management (ECM) system is subject to a variety of vulnerabilities, including

Read more
16 January 2023
Information security
Google has announced the

Google has announced the release of Chrome 109 in a stable channel with fixes for 17 vulnerabilities, including 14

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +6 Total articles 6750
  • +19 Comments 4230
  • +37 Users : 6051