PT-2025-2193 · Newtec · Newtec Ntc2250+2
Published 2025-01-17 · Updated 2025-01-17 · CVE-2024-13503
CVSS v4.0: 9.5 Critical
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Newtec NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19
Description
A buffer overflow issue in the swdownload binary allows attackers to execute arbitrary code. The parse INFO function uses an unrestricted sscanf to read a string from an incoming network packet into a statically sized buffer, leading to a stack buffer overflow. This issue affects both PowerPC and ARM versions of the modems.
Recommendations
For versions 1.0.1.1 through 2.2.6.19, consider disabling the parse INFO function or restricting the use of the swdownload binary until a patch is available. As a temporary workaround, restrict access to the swdownload binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Buffer Overflow
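The bug class named in the description, shown as an added example that is not the vendor's code and is not taken from the swdownload binary: an unbounded `%s` conversion next to a width-limited parse that rejects oversized fields. The `INFO <name>` message layout, the 63-byte field size, and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 63                 /* assumed field size, not taken from the firmware */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Unsafe pattern the advisory describes: "%s" carries no width, so sscanf
 * writes past the end of `name` whenever the token exceeds the buffer. */
int parse_info_unbounded(const char *pkt, char *name)
{
    return sscanf(pkt, "INFO %s", name) == 1 ? 0 : -1;
}

/* Bounded form. `name` must hold NAME_MAX_LEN + 1 bytes.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_info_bounded(const char *pkt, size_t pkt_len, char *name)
{
    int consumed = 0;

    /* Packet bytes are not guaranteed to be NUL-terminated. */
    if (pkt == NULL || memchr(pkt, '\0', pkt_len) == NULL)
        return -1;
    /* The width caps the write at NAME_MAX_LEN chars plus the terminator. */
    if (sscanf(pkt, "INFO %" STR(NAME_MAX_LEN) "s%n", name, &consumed) != 1)
        return -1;
    /* More token bytes after the cap means the field was too long: reject
     * it instead of silently accepting a truncated value. */
    if (pkt[consumed] != '\0' && !isspace((unsigned char)pkt[consumed]))
        return -1;
    return 0;
}

int main(void)
{
    char name[NAME_MAX_LEN + 1];
    char big[160];                       /* constructed oversized message */
    const char ok[] = "INFO fw-image-a"; /* constructed well-formed message */

    memset(big, 'A', sizeof big - 1);
    memcpy(big, "INFO ", 5);
    big[sizeof big - 1] = '\0';
    printf("ok  -> %d\n", parse_info_bounded(ok, sizeof ok, name));
    printf("big -> %d\n", parse_info_bounded(big, sizeof big, name));
    return 0;
}
```

When auditing firmware or source for this pattern, any `scanf`-family call with a bare `%s` or `%[` conversion writing into a fixed-size buffer is worth flagging.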
Affected Products
Newtec Ntc2218
Newtec Ntc2250
Newtec Ntc2299