Description
Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H‎, nft_byteorder.C‎, nft_meta.C‎.

This issue affects Echo-Mate: before V250329.
Published: 2026-03-24
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Kernel privilege escalation or denial of service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the netfilter packet‑filtering modules nf_tables.h, nft_byteorder.c, and nft_meta.c of No‑Chicken Echo‑Mate. Improper handling of values in these kernel sources can lead to out‑of‑bounds memory accesses or logic errors, as indicated by CWE‑229. An attacker could craft malicious network packets that trigger the fault, potentially causing the kernel to execute unintended code or crash, which could lead to privilege escalation or a denial‑of‑service of the device.

Affected Systems

All instances of No‑Chicken Echo‑Mate running firmware versions prior to V250329. No other vendors or products are listed as impacted by the CNA.

Risk and Exploitability

The CVSS score of 7.3 classifies this as a high‑severity flaw, and while it is not listed in CISA’s KEV catalog, its presence in kernel space makes it critical. Because the EPSS score is unavailable, the actual exploitation likelihood cannot be quantified, but the vulnerability can be exercised remotely by sending crafted packets to the device’s network interface. Administrators should treat it as a remote kernel exploitation risk.

Generated by OpenCVE AI on March 24, 2026 at 05:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Echo‑Mate firmware to version 250329 or later, or apply the patch referenced in the GitHub pull request.
  • If an upgrade cannot be performed immediately, block or filter packets that could trigger the vulnerability at the network perimeter.
  • Monitor system logs, kernel panic reports, and network traffic for anomalies that may indicate exploitation attempts.
  • Stay alert for further security releases from No‑Chicken and apply them promptly.

Generated by OpenCVE AI on March 24, 2026 at 05:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared No-chicken
No-chicken echo-mate
Vendors & Products No-chicken
No-chicken echo-mate

Tue, 24 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H‎, nft_byteorder.C‎, nft_meta.C‎. This issue affects Echo-Mate: before V250329.
Title Math Issue in No-Chicken/Echo-Mate
Weaknesses CWE-229
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber'}

Subscriptions

No-chicken Echo-mate
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:36:13.673Z

Reserved: 2026-03-24T03:10:55.386Z

Link: CVE-2026-4736

cve-icon Vulnrichment

Updated: 2026-03-24T14:36:10.624Z

cve-icon NVD

Status : Deferred

Published: 2026-03-24T04:17:26.287

Modified: 2026-04-30T15:54:12.947

Link: CVE-2026-4736

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:40:21Z

Weaknesses