Details of VAR-202211-1924

ID

VAR-202211-1924

CVE

CVE-2022-32967

TITLE

Realtek RTL8111EP-CG and RTL8168FP-CG Trust Management Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-85493

DESCRIPTION

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. The Realtek RTL8111EP-CG and Realtek RTL8168FP-CG are both Ethernet controllers. Realtek RTL8111EP-CG, RTL8111FP-CG Firmware versions before 3.0.0.2019090 have a trust management vulnerability

Trust: 1.44

sources: NVD: CVE-2022-32967 // CNVD: CNVD-2022-85493

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-85493

AFFECTED PRODUCTS

vendor:	realtek	model:	rtl8111ep-cg	scope:	eq	version:	5.0.10	Trust: 1.0
vendor:	realtek	model:	rtl8111fp-cg	scope:	lte	version:	3.0.0.2019090	Trust: 1.0
vendor:	realtek	model:	rtl8111fp-cg	scope:	eq	version:	5.0.10	Trust: 1.0
vendor:	realtek	model:	rtl8111ep-cg	scope:	lte	version:	3.0.0.2019090	Trust: 1.0
vendor:	realtek	model:	rtl8168fp-cg	scope:	lte	version:	<=3.0.0.2019090	Trust: 0.6
vendor:	realtek	model:	rtl8111ep-cg	scope:	lte	version:	<=3.0.0.2019090	Trust: 0.6

sources: CNVD: CNVD-2022-85493 // NVD: CVE-2022-32967

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw:	CVE-2022-32967
value:	LOW
Trust: 1.0
CNVD:	CNVD-2022-85493
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202211-3621
value:	LOW
Trust: 0.6

CNVD:	CNVD-2022-85493
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

twcert@cert.org.tw:	CVE-2022-32967
baseSeverity:	LOW
baseScore:	2.1
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.7
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-85493 // CNNVD: CNNVD-202211-3621 // NVD: CVE-2022-32967

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.0

sources: NVD: CVE-2022-32967

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-3621

PATCH

title:	Patch for Realtek RTL8111EP-CG and RTL8168FP-CG Trust Management Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/365026	Trust: 0.6
title:	Realtek RTL8111FP-CG and RTL8168FP-CG Repair measures for trust management problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=215842	Trust: 0.6

sources: CNVD: CNVD-2022-85493 // CNNVD: CNNVD-202211-3621

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32967	Trust: 2.2
db:	CNVD	id:	CNVD-2022-85493	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-3621	Trust: 0.6

sources: CNVD: CNVD-2022-85493 // CNNVD: CNNVD-202211-3621 // NVD: CVE-2022-32967

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html	Trust: 2.2
url:	https://cxsecurity.com/cveshow/cve-2022-32967/	Trust: 0.6

sources: CNVD: CNVD-2022-85493 // CNNVD: CNNVD-202211-3621 // NVD: CVE-2022-32967

SOURCES

db:	CNVD	id:	CNVD-2022-85493
db:	CNNVD	id:	CNNVD-202211-3621
db:	NVD	id:	CVE-2022-32967

LAST UPDATE DATE

2024-08-14T13:21:26.264000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-85493	date:	2022-12-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-3621	date:	2022-12-01T00:00:00
db:	NVD	id:	CVE-2022-32967	date:	2022-11-30T04:59:42.133

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-85493	date:	2022-12-05T00:00:00
db:	CNNVD	id:	CNNVD-202211-3621	date:	2022-11-29T00:00:00
db:	NVD	id:	CVE-2022-32967	date:	2022-11-29T04:15:10.407