{ "id": "CVE-2022-21742", "sourceIdentifier": "twcert@cert.org.tw", "published": "2022-06-20T06:15:08.630", "lastModified": "2022-07-05T20:40:10.597", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services." }, { "lang": "es", "value": "El controlador USB de Realtek presenta una vulnerabilidad de desbordamiento del b\u00fafer debido a una insuficiente verificaci\u00f3n de la longitud de los par\u00e1metros en la funci\u00f3n de la API. Un atacante no autenticado de la LAN puede explotar esta vulnerabilidad para interrumpir los servicios" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 3.6 }, { "source": "twcert@cert.org.tw", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.5, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3 }, "baseSeverity": "LOW", "exploitabilityScore": 6.5, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-120" } ] }, { "source": "twcert@cert.org.tw", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-120" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "053B5D66-0B8C-43B6-B9BB-C7453F1538EE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "8926BFFE-126D-42D1-82FE-CFF70A7F8150" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "79FD09FD-7A22-45A1-A647-C6B74F41C78C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8156:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A83CFC0-6E14-412E-9801-26759C5FD841" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "5ABBE52B-89D5-4D35-A5A2-B3C9B4D53F77" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "FD5CC9A1-F278-49D1-AEFD-36EE4423FC7D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "5D14BE40-0C3D-462C-B281-59EC98824EC3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8156b:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B969E23-7613-48AC-A7CB-EE9757031F1B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "593A86CF-4157-48C8-9446-D518AD6B02EA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "5452E510-572F-42C8-9BD2-A198DB6C49D8" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "E6477CE1-4914-49CF-89E2-D0EA57FD4BC8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8153:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4516E5A-7F54-456C-8982-45FC3A90F06A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "F1915ED9-377D-4FF8-BC78-5CD96EF6FD22" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "979193FD-DF79-4C54-9BA3-1EBB0C33ED8B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "1077B900-7D08-430D-9A4B-F898321C55F5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8153b:-:*:*:*:*:*:*:*", "matchCriteriaId": "02859B5D-AA87-4349-82FE-912FE0CA4F3B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "077F57FD-037A-4E1D-8A12-E13EB264B84B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "D2D6DC7D-3D8C-4E34-9E31-C048FE6E46AC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "526350AE-80DA-4216-995E-EFDCDC512CBA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8154:-:*:*:*:*:*:*:*", "matchCriteriaId": "42FE328C-DA1C-45E1-BC6D-653B7E8C2872" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "884B1F1E-F04E-4561-A555-10A38A3FEF2A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "6A8C0FD6-A428-4865-9ACB-5ACC025BBD22" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "4537F748-6B0E-475E-8D51-07E9472E9F5B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8154b:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC2E29AC-D7C3-41C7-9DBD-A433C70E125B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.42", "versionEndIncluding": "7.53", "matchCriteriaId": "B22F885E-32C6-4DB6-A7E3-20DD86795ECD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.49", "versionEndIncluding": "8.60", "matchCriteriaId": "99FE41B7-E38A-48A1-B412-03F06BD78715" }, { "vulnerable": true, "criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.28", "versionEndExcluding": "10.50", "matchCriteriaId": "44C96B76-8951-41FA-84FF-993F6187CAE3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:realtek:rtl8152b:-:*:*:*:*:*:*:*", "matchCriteriaId": "794B2656-570E-4AE4-A852-E55CFC2217C7" } ] } ] } ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html", "source": "twcert@cert.org.tw", "tags": [ "Third Party Advisory" ] } ] }