Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there’s a public PoC chaining them, CERT/CC has warned.

The good news is that they’ve been fixed by NetComm and the patches have been implemented in new firmware released in November 2022.

About CVE-2022-4873 and CVE-2022-4874

CVE-2022-4874 is an authentication bypass flaw and CVE-2022-4873 is a stack based buffer overflow vulnerability that allows attackers to crash the application at a known location and exploit that to execute code on a vulnerable device.

“The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network,” CERT/CC explained.

The vulnerabilities affect NetComm router models NF20MESH, NF20, and NL1902 that are running software versions earlier than R6B025. These routers are generally deployed by residential internet service providers (i.e., for homes and home offices).

According to the vendor, the flaws were found in a Broadcom chipset that had third-party code added by Shenzhen Gongjin Electronics and, they fear, this means that other vendors’ devices may also be affected by them.

Broadcom confirmed that the vulnerabilities do not exist in the Broadcom SDK code. “We have received confirmation that they were introduced in third party customizations specific to this product.”

The vulnerabilities have been discovered and reported by security researcher Brendan Scarvell, who recently disclosed more details about his research, as well as a PoC exploit chaining the two vulnerabilities.

NetComm Wireless is owned by Casa Systems.