Cyber Resilience

CVE-2022-4873

CriticalPublic PoC

Published: 11 January 2023

Published
11 January 2023
Modified
04 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0060 69.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-4873 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Netcommwireless Nf20 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 30.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-4873 is a stack-based buffer overflow affecting the sessionKey parameter on Netcomm NF20MESH, NF20, and NL1902 routers. The flaw, classified under CWE-787, permits an attacker to supply an oversized value that overwrites the instruction pointer at a predictable stack location, resulting in application crashes and potential control-flow hijacking. It carries a CVSS 3.1 score of 9.8 reflecting network accessibility without authentication or user interaction.

Unauthenticated remote attackers can exploit the vulnerability over the network to achieve arbitrary code execution or denial of service on the affected devices. Because the overflow occurs in a session-handling component reachable without credentials, an adversary positioned to send crafted requests can reliably trigger the condition and redirect execution.

Public advisories, including the detailed write-up at https://github.com/scarvell/advisories/blob/main/2022_netcomm_nf20mesh_unauth_rce.md and CERT VU#986018, document the unauthenticated remote-code-execution path and provide reproduction details for the three router models.

EPSS for the CVE rose from a low baseline to a peak of 0.1082 on 2025-12-11 before receding to the current value of 0.0060, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at…

more

a known location.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netcommwireless
nf20 firmware
≤ r6b025
netcommwireless
nf20mesh firmware
≤ r6b025
netcommwireless
nl1902 firmware
≤ r6b025

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References