Lucene search

[email protected]CVE-2022-30114

HistoryMay 19, 2023 - 12:15 p.m.

CVE-2022-30114

2023-05-1912:15:09

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-30114

network service

buffer overflow

fastweb fastgate

firmware

remote attacker

http request

dos

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.

Affected configurations

NVD

Node

fastwebfastgate_vdsl2_dga4131fwb_firmwareRange<18.3.n.0482_fw_264_dga4131

AND

fastwebfastgate_vdsl2_dga4131fwbMatch-

Node

fastwebfastgate_gpon_fga2130fwb_firmwareRange<18.3.n.0482_fw_233_fga2130

AND

fastwebfastgate_gpon_fga2130fwbMatch-

CPENameOperatorVersion
fastweb:fastgate_vdsl2_dga4131fwb_firmwarefastweb fastgate vdsl2 dga4131fwb firmwarelt18.3.n.0482_fw_264_dga4131

CPE	Name	Operator	Version
fastweb:fastgate_vdsl2_dga4131fwb_firmware	fastweb fastgate vdsl2 dga4131fwb firmware	lt	18.3.n.0482_fw_264_dga4131

References

str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/

www.fastweb.it/myfastweb/assistenza/guide/FASTGate/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

Related for CVE-2022-30114

prion1 cvelist1 nvd1 githubexploit1