CVE-2022-30114 - Vulnerability Details - OpenCVE

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Fastweb	Fastgate Gpon Fga2130fwb Fastgate Gpon Fga2130fwb Firmware Fastgate Vdsl2 Dga4131fwb Fastgate Vdsl2 Dga4131fwb Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fastweb:fastgate_vdsl2_dga4131fwb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fastweb:fastgate_vdsl2_dga4131fwb:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fastweb:fastgate_gpon_fga2130fwb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fastweb:fastgate_gpon_fga2130fwb:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/
https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/

History

Tue, 21 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-19T00:00:00

Updated: 2025-01-21T19:20:02.316Z

Reserved: 2022-05-02T00:00:00

Link: CVE-2022-30114

Vulnrichment

Updated: 2024-08-03T06:40:47.175Z

NVD

Status : Modified

Published: 2023-05-19T12:15:09.340

Modified: 2025-01-21T20:15:28.463

Link: CVE-2022-30114

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30114", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-21T19:20:02.316Z", "dateReserved": "2022-05-02T00:00:00", "datePublished": "2023-05-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-21T21:06:19.504494"}, "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/"}, {"url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:40:47.175Z"}, "title": "CVE Program Container", "references": [{"url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/", "tags": ["x_transferred"]}, {"url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T19:19:56.475990Z", "id": "CVE-2022-30114", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T19:20:02.316Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/", "tags": ["x_transferred"]}, {"url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:40:47.175Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-30114", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T19:19:56.475990Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T19:19:11.131Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/"}, {"url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/"}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-21T21:06:19.504494"}}}, "cveMetadata": {"cveId": "CVE-2022-30114", "state": "PUBLISHED", "dateUpdated": "2025-01-21T19:20:02.316Z", "dateReserved": "2022-05-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-05-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fastweb:fastgate_vdsl2_dga4131fwb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940174-3278-4418-816A-AD8CDA14326C", "versionEndExcluding": "18.3.n.0482_fw_264_dga4131", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fastweb:fastgate_vdsl2_dga4131fwb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6608877-D165-49F2-B028-FE3AC7DDA705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fastweb:fastgate_gpon_fga2130fwb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCABC6B-5F41-4E06-A360-7C2264812572", "versionEndExcluding": "18.3.n.0482_fw_233_fga2130", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fastweb:fastgate_gpon_fga2130fwb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A03406C0-71DB-43E1-822C-C4296C1B200B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en un servicio de red en Fastweb FASTGate MediaAccess FGA2130FWB, versi\u00f3n de firmware 18.3.n.0482_FW_230_FGA2130 y DGA4131FWB, versi\u00f3n de firmware hasta 18.3.n.0462_FW_261_DGA4131, permite a un atacante remoto reiniciar el dispositivo a trav\u00e9s de una solicitud HTTP manipulada, provocando DoS."}], "id": "CVE-2022-30114", "lastModified": "2025-01-21T20:15:28.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-19T12:15:09.340", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/"}, {"source": "cve@mitre.org", "url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}