Details of VAR-202302-0004

ID

VAR-202302-0004

CVE

CVE-2022-30904

TITLE

Bestechnic Bluetooth Mesh SDK Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003142

DESCRIPTION

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. Bestechnic Bluetooth Mesh SDK (BES2300) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-30904 // JVNDB: JVNDB-2023-003142 // VULMON: CVE-2022-30904

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	bestechnic	model:	bluetooth mesh software development kit	scope:	eq	version:	1.0	Trust: 1.0
vendor:	bestechnic	model:	bluetooth mesh sdk	scope:	eq	version:	-	Trust: 0.8
vendor:	bestechnic	model:	bluetooth mesh sdk	scope:	eq	version:	1.0	Trust: 0.8

sources: JVNDB: JVNDB-2023-003142 // NVD: CVE-2022-30904

CVSS

SEVERITY

CVSSV2

CVSSV3

cve@mitre.org:	CVE-2022-30904
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2022-30904
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-30904
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-128
value:	HIGH
Trust: 0.6

cve@mitre.org:	CVE-2022-30904
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.3
impactScore:	5.3
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-30904
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-30904
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003142 // CNNVD: CNNVD-202302-128 // NVD: CVE-2022-30904 // NVD: CVE-2022-30904

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-003142 // NVD: CVE-2022-30904

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202302-128

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-128

PATCH

title:	Top Page	url:	https://www.bestechnic.com/	Trust: 0.8
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-30904	Trust: 0.1

sources: VULMON: CVE-2022-30904 // JVNDB: JVNDB-2023-003142

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30904	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-003142	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-128	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2022-30904	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-30904 // JVNDB: JVNDB-2023-003142 // CNNVD: CNNVD-202302-128 // NVD: CVE-2022-30904

REFERENCES

url:	https://docs.google.com/document/d/1is3dywmcrikhjvujzi5ognagbsqvtlew/edit	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30904	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-30904/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-30904	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-30904 // JVNDB: JVNDB-2023-003142 // CNNVD: CNNVD-202302-128 // NVD: CVE-2022-30904

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2022-30904
db:	JVNDB	id:	JVNDB-2023-003142
db:	CNNVD	id:	CNNVD-202302-128
db:	NVD	id:	CVE-2022-30904

LAST UPDATE DATE

2025-03-28T00:51:55.826000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-30904	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-003142	date:	2023-09-01T04:48:00
db:	CNNVD	id:	CNNVD-202302-128	date:	2023-02-10T00:00:00
db:	NVD	id:	CVE-2022-30904	date:	2025-03-27T15:15:37.507

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-30904	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-003142	date:	2023-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202302-128	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2022-30904	date:	2023-02-01T21:15:08.530