{"containers": {"cna": {"affected": [{"platforms": ["Windows 10"], "product": "USB FE/1GbE/2.5GbE/5GbE NIC Family", "vendor": "Realtek", "versions": [{"lessThanOrEqual": "10.39", "status": "affected", "version": "10.28", "versionType": "custom"}]}, {"platforms": ["Windows 8"], "product": "USB FE/1GbE/2.5GbE/5GbE NIC Family", "vendor": "Realtek", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "8.49", "versionType": "custom"}]}, {"platforms": ["Windows 7"], "product": "USB FE/1GbE/2.5GbE/5GbE NIC Family", "vendor": "Realtek", "versions": [{"lessThanOrEqual": "7.53", "status": "affected", "version": "7.42", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Realtek"}], "datePublic": "2022-04-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T05:30:28.000Z", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html"}], "solutions": [{"lang": "en", "value": "Update version to v10.50"}], "source": {"advisory": "TVN-202204001", "discovery": "EXTERNAL"}, "title": "Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family - Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-04-26T05:10:00.000Z", "ID": "CVE-2022-21742", "STATE": "PUBLIC", "TITLE": "Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family - Buffer Overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USB FE/1GbE/2.5GbE/5GbE NIC Family", "version": {"version_data": [{"platform": "Windows 10", "version_affected": "<=", "version_name": "10.28", "version_value": "10.39"}, {"platform": "Windows 8", "version_affected": "<=", "version_name": "8.49", "version_value": "8.60"}, {"platform": "Windows 7", "version_affected": "<=", "version_name": "7.42", "version_value": "7.53"}]}}]}, "vendor_name": "Realtek"}]}}, "credit": [{"lang": "eng", "value": "Realtek"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html"}]}, "solution": [{"lang": "en", "value": "Update version to v10.50"}], "source": {"advisory": "TVN-202204001", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.255Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-21742", "datePublished": "2022-06-20T05:30:28.159Z", "dateReserved": "2021-11-19T00:00:00.000Z", "dateUpdated": "2024-09-17T01:36:28.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "053B5D66-0B8C-43B6-B9BB-C7453F1538EE", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8926BFFE-126D-42D1-82FE-CFF70A7F8150", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79FD09FD-7A22-45A1-A647-C6B74F41C78C", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8156:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A83CFC0-6E14-412E-9801-26759C5FD841", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABBE52B-89D5-4D35-A5A2-B3C9B4D53F77", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD5CC9A1-F278-49D1-AEFD-36EE4423FC7D", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D14BE40-0C3D-462C-B281-59EC98824EC3", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8156b:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B969E23-7613-48AC-A7CB-EE9757031F1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "593A86CF-4157-48C8-9446-D518AD6B02EA", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5452E510-572F-42C8-9BD2-A198DB6C49D8", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6477CE1-4914-49CF-89E2-D0EA57FD4BC8", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8153:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4516E5A-7F54-456C-8982-45FC3A90F06A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1915ED9-377D-4FF8-BC78-5CD96EF6FD22", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "979193FD-DF79-4C54-9BA3-1EBB0C33ED8B", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1077B900-7D08-430D-9A4B-F898321C55F5", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8153b:-:*:*:*:*:*:*:*", "matchCriteriaId": "02859B5D-AA87-4349-82FE-912FE0CA4F3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "077F57FD-037A-4E1D-8A12-E13EB264B84B", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D6DC7D-3D8C-4E34-9E31-C048FE6E46AC", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "526350AE-80DA-4216-995E-EFDCDC512CBA", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8154:-:*:*:*:*:*:*:*", "matchCriteriaId": "42FE328C-DA1C-45E1-BC6D-653B7E8C2872", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "884B1F1E-F04E-4561-A555-10A38A3FEF2A", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A8C0FD6-A428-4865-9ACB-5ACC025BBD22", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4537F748-6B0E-475E-8D51-07E9472E9F5B", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8154b:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC2E29AC-D7C3-41C7-9DBD-A433C70E125B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B22F885E-32C6-4DB6-A7E3-20DD86795ECD", "versionEndIncluding": "7.53", "versionStartIncluding": "7.42", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99FE41B7-E38A-48A1-B412-03F06BD78715", "versionEndIncluding": "8.60", "versionStartIncluding": "8.49", "vulnerable": true}, {"criteria": "cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "44C96B76-8951-41FA-84FF-993F6187CAE3", "versionEndExcluding": "10.50", "versionStartIncluding": "10.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtl8152b:-:*:*:*:*:*:*:*", "matchCriteriaId": "794B2656-570E-4AE4-A852-E55CFC2217C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services."}, {"lang": "es", "value": "El controlador USB de Realtek presenta una vulnerabilidad de desbordamiento del b\u00fafer debido a una insuficiente verificaci\u00f3n de la longitud de los par\u00e1metros en la funci\u00f3n de la API. Un atacante no autenticado de la LAN puede explotar esta vulnerabilidad para interrumpir los servicios"}], "id": "CVE-2022-21742", "lastModified": "2024-11-21T06:45:21.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-20T06:15:08.630", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}