CVE Published: 02/08/2022 |
CVE Updated: 16/09/2024 |
CVE Year: 2022 Source: twcert |
Vendor: NHI |
Product: card’s web service component Status : PUBLISHED
CVE-2022-35217 Description
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Metrics
CVSS Version: 3.1 |
Base Score: 7.8 HIGH Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H