What is CVE-2022-21742?

CVE-2022-21742 is a buffer overflow vulnerability in the Realtek USB driver.

Who can exploit CVE-2022-21742?

An unauthenticated LAN attacker can exploit CVE-2022-21742.

What is the severity of CVE-2022-21742?

CVE-2022-21742 has a severity level of 6.5, which is medium.

How can CVE-2022-21742 be mitigated?

To mitigate CVE-2022-21742, it is recommended to update to the latest firmware version provided by Realtek.

Vulnerability/
CVE-2022-21742

medium

6.5

CWE

120 119

20/6/2022

17/9/2024

CVE-2022-21742: Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family - Buffer Overflow

Q: How does CVE-2022-21742 occur?

CVE-2022-21742 occurs due to insufficient parameter length verification in the API function of the Realtek USB driver.

First published: Mon Jun 20 2022(Updated: )

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Credit: twcert@cert.org.tw

Affected Software	Affected Version	How to fix
Realtek Rtl8156 Firmware	>=7.42<=7.53
Realtek Rtl8156 Firmware	>=8.49<=8.60
Realtek Rtl8156 Firmware	>=10.28<10.50
Realtek Rtl8156
Realtek Rtl8156b Firmware	>=7.42<=7.53
Realtek Rtl8156b Firmware	>=8.49<=8.60
Realtek Rtl8156b Firmware	>=10.28<10.50
Realtek Rtl8156b
Realtek Rtl8153 Firmware	>=7.42<=7.53
Realtek Rtl8153 Firmware	>=8.49<=8.60
Realtek Rtl8153 Firmware	>=10.28<10.50
Realtek Rtl8153
Realtek Rtl8153b Firmware	>=7.42<=7.53
Realtek Rtl8153b Firmware	>=8.49<=8.60
Realtek Rtl8153b Firmware	>=10.28<10.50
Realtek Rtl8153b
Realtek Rtl8154 Firmware	>=7.42<=7.53
Realtek Rtl8154 Firmware	>=8.49<=8.60
Realtek Rtl8154 Firmware	>=10.28<10.50
Realtek Rtl8154
Realtek Rtl8154b Firmware	>=7.42<=7.53
Realtek Rtl8154b Firmware	>=8.49<=8.60
Realtek Rtl8154b Firmware	>=10.28<10.50
Realtek Rtl8154b
Realtek Rtl8152b Firmware	>=7.42<=7.53
Realtek Rtl8152b Firmware	>=8.49<=8.60
Realtek Rtl8152b Firmware	>=10.28<10.50
Realtek Rtl8152b

Remedy

Update version to v10.50

Never miss a vulnerability like this again

Reference Links

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Frequently Asked Questions

What is CVE-2022-21742?
CVE-2022-21742 is a buffer overflow vulnerability in the Realtek USB driver.
How does CVE-2022-21742 occur?
CVE-2022-21742 occurs due to insufficient parameter length verification in the API function of the Realtek USB driver.
Who can exploit CVE-2022-21742?
An unauthenticated LAN attacker can exploit CVE-2022-21742.
What is the severity of CVE-2022-21742?
CVE-2022-21742 has a severity level of 6.5, which is medium.
How can CVE-2022-21742 be mitigated?
To mitigate CVE-2022-21742, it is recommended to update to the latest firmware version provided by Realtek.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/remedy
agent/references
agent/weakness
agent/title
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/realtek
canonical/realtek rtl8156 firmware
version/realtek rtl8156 firmware/7.42
version/realtek rtl8156 firmware/7.53
version/realtek rtl8156 firmware/8.49
version/realtek rtl8156 firmware/8.60
version/realtek rtl8156 firmware/10.28
canonical/realtek rtl8156
canonical/realtek rtl8156b firmware
version/realtek rtl8156b firmware/7.42
version/realtek rtl8156b firmware/7.53
version/realtek rtl8156b firmware/8.49
version/realtek rtl8156b firmware/8.60
version/realtek rtl8156b firmware/10.28
canonical/realtek rtl8156b
canonical/realtek rtl8153 firmware
version/realtek rtl8153 firmware/7.42
version/realtek rtl8153 firmware/7.53
version/realtek rtl8153 firmware/8.49
version/realtek rtl8153 firmware/8.60
version/realtek rtl8153 firmware/10.28
canonical/realtek rtl8153
canonical/realtek rtl8153b firmware
version/realtek rtl8153b firmware/7.42
version/realtek rtl8153b firmware/7.53
version/realtek rtl8153b firmware/8.49
version/realtek rtl8153b firmware/8.60
version/realtek rtl8153b firmware/10.28
canonical/realtek rtl8153b
canonical/realtek rtl8154 firmware
version/realtek rtl8154 firmware/7.42
version/realtek rtl8154 firmware/7.53
version/realtek rtl8154 firmware/8.49
version/realtek rtl8154 firmware/8.60
version/realtek rtl8154 firmware/10.28
canonical/realtek rtl8154
canonical/realtek rtl8154b firmware
version/realtek rtl8154b firmware/7.42
version/realtek rtl8154b firmware/7.53
version/realtek rtl8154b firmware/8.49
version/realtek rtl8154b firmware/8.60
version/realtek rtl8154b firmware/10.28
canonical/realtek rtl8154b
canonical/realtek rtl8152b firmware
version/realtek rtl8152b firmware/7.42
version/realtek rtl8152b firmware/7.53
version/realtek rtl8152b firmware/8.49
version/realtek rtl8152b firmware/8.60
version/realtek rtl8152b firmware/10.28
canonical/realtek rtl8152b

CVE-2022-21742: Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family - Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-21742?

How does CVE-2022-21742 occur?

Who can exploit CVE-2022-21742?

What is the severity of CVE-2022-21742?

How can CVE-2022-21742 be mitigated?

Company

Resources

Contact