Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Jan 18, 2023 | Ravie Lakshmanan | Network Security

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution.

The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.

“The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code,” the CERT Coordination Center (CERT/CC) said in an advisory published Tuesday.

“The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network.”

Security researcher Brendan Scarvell has been credited with discovering and reporting the issues in October 2022.

In a related development, CERT/CC also detailed two unpatched security vulnerabilities affecting TP-Link routers WR710N-V1-151022 and Archer-C5-V2-160201 that could lead to information disclosure (CVE-2022-4499) and remote code execution (CVE-2022-4498).

CVE-2022-4499 is also a timing side-channel flaw in a function used to validate the entered credentials. “By measuring the response time of the vulnerable process, each byte of the username and password strings may be easier to guess,” CERT/CC said.
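
The class of flaw CERT/CC describes for CVE-2022-4499, as an added example (not TP-Link's firmware code, which does not appear in this article): an early-exit credential comparison next to a fixed-work one. The function names, `CRED_MAX` and the sample secret are constructed for illustration, and the step counter stands in for measured response time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_MAX 64
static const char SECRET[] = "admin123";   /* constructed sample value */

/* Early-exit check: returns 1 on match. *steps counts byte comparisons,
 * a stand-in for the response time an observer could measure. */
int leaky_equal(const char *in, const char *secret, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0;; i++) {
        (*steps)++;
        if (in[i] != secret[i]) return 0;   /* work depends on matching prefix */
        if (secret[i] == '\0') return 1;
    }
}

/* Zero-pad a credential into a fixed-size buffer; returns 0 if it does not fit. */
int pad_credential(const char *s, unsigned char out[CRED_MAX])
{
    size_t n = strlen(s);
    memset(out, 0, CRED_MAX);
    if (n >= CRED_MAX) return 0;
    memcpy(out, s, n);
    return 1;
}

/* Hardened check: always touches all CRED_MAX bytes, no data-dependent branch. */
int fixed_equal(const char *in, const char *secret, size_t *steps)
{
    unsigned char a[CRED_MAX], b[CRED_MAX], diff;
    diff = (unsigned char)!(pad_credential(in, a) & pad_credential(secret, b));
    *steps = 0;
    for (size_t i = 0; i < CRED_MAX; i++, (*steps)++)
        diff |= (unsigned char)(a[i] ^ b[i]);   /* accumulate differences */
    return diff == 0;
}

size_t leaky_steps(const char *g) { size_t n; leaky_equal(g, SECRET, &n); return n; }
size_t fixed_steps(const char *g) { size_t n; fixed_equal(g, SECRET, &n); return n; }

int main(void)
{
    const char *g[] = { "xxxxxxxx", "admixxxx", "admin123" };
    for (int i = 0; i < 3; i++)
        printf("%-8s leaky=%zu fixed=%zu\n", g[i], leaky_steps(g[i]), fixed_steps(g[i]));
}
```

In production code, a vetted constant-time primitive such as OpenSSL's `CRYPTO_memcmp` is preferable to a hand-written loop, and the stored secret should be kept pre-padded or hashed so that its length does not influence the work done.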

Microsoft researcher James Hull has been acknowledged for disclosing the two bugs. The Hacker News has reached out to TP-Link for a comment, and we will update the story if we hear back.
