Brendan Scarvell, a private security researcher, has disclosed a couple of vulnerabilities in a few Netcomm router models. The vulnerabilities that have been tracked under CVE-2022-4873 and CVE-2022-4874 are stack buffer overflow and authentication bypass. According to the researcher, the attacker would abuse the authentication bypass vulnerability (CVE-2022-4874) that allows an unauthenticated user to access content from both inside and outside the network. Followed by the second flaw is stack buffer overflow (CVE-2022-4873), which allows crashing the application at a known location by setting up the instruction pointer to be overwritten on the stack. When the attacker chained both of these vulnerabilities together, he can achieve remote code execution on the affected Netcomm router models. Since these flaws permit a remote, unauthenticated attacker to execute arbitrary code on the affected devices, it is important to know how to fix CVE-2022-4873 and CVE-2022-4874, critical RCE vulnerability in Netcomm routers.
Table of Contents
A Short Note About Netcomm NF20MESH, NF20, and NL1902 Routers:
Netcomm is a leading Australian telecommunications company that designs, manufactures, and markets routers and other networking solutions for residential, business, and enterprise use. Since 1988, Netcomm has been providing innovative solutions to meet the ever-changing needs of today’s consumers.
The NF20MESH, NF20, and NL1902 are just a few of the industry-leading routers that Netcomm has released. These advanced routers come with a wealth of features, including dual-band WiFi connectivity, enhanced security, and multiple Ethernet ports to support all your networking needs.
The Netcomm NF20MESH is Netcomm’s MESH networking router. It supports the fastest speeds available with its dual-band WiFi, so you can stream 4K content without any lag. The NF20MESH also features advanced parental control and a built-in safety mode to keep your family secure.
The NF20 router is an affordable yet robust choice for residential use. It provides fast speeds of up to 1600Mbps and supports dual band WiFi connections. It also comes with multiple Ethernet ports which make it ideal for expanding your home network.
The NL1902 is Netcomm’s entry-level router. Although it doesn’t have the same speeds as other models, its 1200 Mbps speed is enough for most users. The NL1902 also has a range of safety and security features, including guest WiFi and parental control.
Summary of CVE-2022-4873
This is a stack buffer overflow vulnerability in Netcom routers that affects the session key parameter. It allows an attacker can crash the application by providing a specific number of bytes to the session key parameter, resulting in the overwriting of the instruction pointer on the stack at a known location. Brendan Scarvell disclosed the technical details on his git page. Please refer to that for full technical details.
Summary of CVE-2022-4874
This is an authentication bypass vulnerability in Netcom routers that allows unauthorized users to access the content. The application checks for certain characters in the URL, such as “.css” or “.png”, to determine if it should serve static content. If these characters are present, the application performs a fake login to give the request an active session and avoid redirecting to the login page.
The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code. The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network. The reporter has produced a github PoC that shows how to combine both vulnerabilities to achieve unauthenticated remote code execution.– Brendan Scarvell
Netcomm Router Modules Vulnerable to CVE-2022-4873 and CVE-2022-4874
The vulnerabilities were discovered in certain Netcomm routers that were using a Broadcom chipset and had third-party code added by Shenzhen Gongjin Electronics. Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 are said to be vulnerable to these flaws.
How to Fix CVE-2022-4873 and CVE-2022-4874- Critical RCE Vulnerability in Netcomm Routers?
The vendor has responded to these vulnerabilities by releasing new firmware. All the users of the affected models are urged to upgrade their device firmware to R6B035.
Time needed: 10 minutes
How to Fix CVE-2022-4873 and CVE-2022-4874?
- Login to the web console of Netcomm Routers
Connect the router via WiFi or LAN to your PC/mac. Type the IP address at the address bar of your web browser. Enter the credentials at the login screen.
If you are configuring for the first time, use this default address 192.168.20.1 to log in to the device. At the login screen, type admin into the Username field. In the Password field, type the unique password printed on the label on the bottom of the gateway, then click on the Login > button.
- Navigate to Firmware Upgrade screen
Go to the Tools -> Update Firmware.
- Download the firmware file from the vendor
Before you upgrade the firmware download the firmware package file from the Vendor.
- Upload the firmware file to the Router
Click on the ‘Browse’ button and locate the downloaded firmware file.
- Update the firmware
Click on the ‘Update Firmware’ button to initiate the update process.
- Reboot the device
Upon the completion of the update process, the device asks to reboot. Click on the ‘Reboot’ button to reboot the device. That’s it.
We hope this post would help you know how to fix CVE-2022-4873 and CVE-2022-4874, critical RCE vulnerability in Netcomm routers. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram and subscribe to receive updates like this.