ID

VAR-202208-2347


CVE

CVE-2022-26528


TITLE

Classic buffer overflow vulnerability in Realtek Semiconductor Corp bluetooth mesh software development kit

Trust: 0.8

sources: JVNDB: JVNDB-2022-015792

DESCRIPTION

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause a buffer overflow and disrupt service. A classic buffer overflow vulnerability exists in the Realtek Semiconductor Corp bluetooth mesh software development kit. This may result in a service operation interruption (DoS) state.

Trust: 1.62

sources: NVD: CVE-2022-26528 // JVNDB: JVNDB-2022-015792

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: realtek, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127

Trust: 1.0

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: -, version: -

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127 and earlier

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015792 // NVD: CVE-2022-26528

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2022-26528
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-015792
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-4422
value: MEDIUM

Trust: 0.6

twcert@cert.org.tw: CVE-2022-26528
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-015792
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015792 // CNNVD: CNNVD-202208-4422 // NVD: CVE-2022-26528

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015792 // NVD: CVE-2022-26528

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202208-4422

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4422

PATCH

title: Realtek Linux/Android Bluetooth Mesh SDK Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206129

Trust: 0.6

sources: CNNVD: CNNVD-202208-4422

EXTERNAL IDS

db: NVD, id: CVE-2022-26528

Trust: 3.3

db: JVNDB, id: JVNDB-2022-015792

Trust: 0.8

db: CNNVD, id: CNNVD-202208-4422

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015792 // CNNVD: CNNVD-202208-4422 // NVD: CVE-2022-26528

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26528

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-26528/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015792 // CNNVD: CNNVD-202208-4422 // NVD: CVE-2022-26528

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2022-015792
db: CNNVD, id: CNNVD-202208-4422
db: NVD, id: CVE-2022-26528

LAST UPDATE DATE

2025-01-30T21:11:30.978000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-015792, date: 2023-09-28T08:10:00
db: CNNVD, id: CNNVD-202208-4422, date: 2022-09-05T00:00:00
db: NVD, id: CVE-2022-26528, date: 2022-09-02T20:16:58.907

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-015792, date: 2023-09-28T00:00:00
db: CNNVD, id: CNNVD-202208-4422, date: 2022-08-30T00:00:00
db: NVD, id: CVE-2022-26528, date: 2022-08-30T05:15:07.847