RCE vulnerabilities were discovered in TP-Link and NetComm routers.

CVE-2022-4498 and CVE-2022-4499 affect TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO.

They were discovered by Microsoft researcher James Hull.

Errors allow attackers to execute code, cause device failures, or disclose login credentials.

The first problem is described as a heap overflow caused by specially created packets in basic HTTP authentication mode.

An attacker can use this error to cause DoS or RCE.

The second CVE-2022-4499 is related to the fact that the HTTPD function is subject to an attack via third-party channels, which allows an attacker to find out every byte of the username and password string.

TP-Link was notified of these shortcomings back in November 2022, but both problems remain fixed.

Two vulnerabilities affect NetComm routers NF20MESH, NF20 and NL1902.

The first CVE-2022-4873 is a buffer overflow that can cause the application to crash.

The second, CVE-2022-4874, is an authentication bypass leading to unauthorized access to content.

Chained vulnerabilities allow a remote attacker who has not been authenticated to execute arbitrary code. 

An attacker can first gain unauthorized access to vulnerable devices, and then use these entry points to gain access to other networks or compromise the availability, integrity or confidentiality of data transmitted from the internal network.

In December 2022, NetComm released firmware updates that fix the flaws.

Later in January 2023, the researcher who discovered them, Brendan Scarwell, published technical details, as well as a PoC exploit.