Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router...

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

Stack overflow

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

Authentication flaw

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

CVE-2022-4873

CVE-2022-4873 is a stack-based buffer overflow in the Netcomm NF20MESH, NF20, and NL1902 sessionKey handling that can overwrite the instruction pointer and crash the app. Related CVE-2022-4874 is an authentication bypass; together these flaws enable remote code execution when exploited in affecte...

CVE-2022-4874 Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content.

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL .css, .png etc. If it exists, it performs a "fake logi...

CVE-2022-4874

CVE-2022-4874 affects Netcomm NF20MESH, NF20 and NL1902 router models. An authentication bypass exists where the app serves static content by checking the URL for specific characters (e.g., .css, .png) and performing a “fake login” to grant a active session, allowing unauthenticated access to con...

PT-2023-1320 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20 versions Netcomm NF20MESH versions Netcomm NL1902 versions Description: The issue is related to an authentication bypass in the Netcomm router models. This allows an unauthenticated user to access content. The application checks...

Netcomm路由器 授权问题漏洞

The Netcomm NF20, among others, is a router from Netcomm Australia. The Netcomm routers have a security vulnerability that stems from its authentication bypass allowing unauthenticated users to access content. The following models are affected: the NF20MESH, NF20 and NL1902...

Netcomm路由器 缓冲区错误漏洞

The Netcomm NF20 and Netcomm NF20MESH are both routers from Netcomm Australia. The Netcomm routers have a security vulnerability that stems from its sessionKey parameter that allows an attacker to achieve a stack-based buffer overflow and crash an application at a known location by supplying a...

PT-2022-6233 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20MESH versions Netcomm NF20 versions Netcomm NL1902 versions Description: A stack-based buffer overflow issue affects the sessionKey parameter, allowing a remote attacker to potentially execute arbitrary code by providing a specifi...