CVE-2022-21742
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
20/06/2022
Last modified:
05/07/2022
Description
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:* | 7.42 (including) | 7.53 (including) |
| cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:* | 8.49 (including) | 8.60 (including) |
| cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:* | 10.28 (including) | 10.50 (excluding) |
| cpe:2.3:h:realtek:rtl8156:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:* | 7.42 (including) | 7.53 (including) |
| cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:* | 8.49 (including) | 8.60 (including) |
| cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:* | 10.28 (including) | 10.50 (excluding) |
| cpe:2.3:h:realtek:rtl8156b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:* | 7.42 (including) | 7.53 (including) |
| cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:* | 8.49 (including) | 8.60 (including) |
| cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:* | 10.28 (including) | 10.50 (excluding) |
| cpe:2.3:h:realtek:rtl8153:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:* | 7.42 (including) | 7.53 (including) |
| cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:* | 8.49 (including) | 8.60 (including) |
| cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:* | 10.28 (including) | 10.50 (excluding) |
To consult the complete list of CPE names with products and versions, see this page