CVE-2022-32960— HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-32960
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hicos Citizen Certificate Client-side Component 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hicos Citizen Certificate Client-side Component是一个公民证书客户端组件。 Hicos Citizen Certificate Client-side Component 存在安全漏洞,该漏洞源于卡号参数长度验证不足, 未经身份验证的攻击者利用此漏洞可以执行任意代码、操作系统数据或终止服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate | unspecified ~ 11 3.0.3.30306 | - | |
| HINET | HiCOS’ client-side citizen digital certificate | unspecified ~ 11 3.1.0.00002 | - | |
| HINET | HiCOS’ client-side citizen digital certificate | unspecified ~ 11 3.0.3.30404 | - |
II. Public POCs for CVE-2022-32960
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-32960
请登录查看更多情报信息。
- https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-32960
Same Patch Batch · HINET · 2022-07-20 · 4 CVEs total
| CVE-2022-32959 | 6.8 MEDIUM | HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow |
| CVE-2022-32961 | 6.8 MEDIUM | HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow |
| CVE-2022-32962 | 6.8 MEDIUM | HiCOS’ client-side citizen digital certificate - Double Free |
IV. Related Vulnerabilities
Same vendor: HINET
- CVE-2022-35222
HiCOS Citizen verification component - Stack Buffer Overflow - CVE-2022-32962
HiCOS’ client-side citizen digital certificate - Double Free - CVE-2022-32961
HiCOS’ client-side citizen digital certificate - Stack Buffe - CVE-2022-32959
HiCOS’ client-side citizen digital certificate - Stack Buffe - CVE-2019-15065
A vulnerability was discovered in HiNet GPON firmware < I040
V. Comments for CVE-2022-32960
No comments yet