"A Couple of Bugs Can Be Chained to Hack Netcomm Routers"

Experts warn of the potential exploitation of two critical vulnerabilities found in Netcomm routers. The vulnerabilities, tracked as CVE-2022-4873 and CVE-2022-4874, are a stack-based buffer overflow and an authentication bypass. Both affect the Netcomm router models NF20MESH, NF20, and NL1902 running software versions before R6B035. The CERT Coordination Center (CERT/CC) also issued an advisory warning of attacks that chain the two flaws to achieve Remote Code Execution (RCE) on vulnerable systems. Once an attacker has gained unauthorized access to an impacted device, they can use it as an entry point to reach other systems on the network or to compromise the Confidentiality, Integrity, and Availability (CIA) of data transmitted from the internal network. Brendan Scarvell identified the issue and shared a proof-of-concept (PoC) demonstrating how to chain the two flaws to perform unauthenticated RCE. This article continues to discuss the critical vulnerabilities that have been discovered in Netcomm routers.

Security Affairs reports "A Couple of Bugs Can Be Chained to Hack Netcomm Routers"
