There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.
References
| Link | Resource |
|---|---|
| http://acer.com | Vendor Advisory |
| http://altos.com | Broken Link |
| https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
Configuration 32 (hide)
| AND |
|
Configuration 33 (hide)
| AND |
|
Configuration 34 (hide)
| AND |
|
History
26 Sep 2022, 14:35
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:acer:aspire_z3-615_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_x3475:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_b630_49:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_z2650g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_n4620g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m2611:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_x6620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_1600x_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m2611_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m6620g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:altos_t110_f3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_e430_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_x3995:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_x4620g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_e430g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_x2611g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m4620_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_mc605_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_mc605:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_x1935:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_x2611_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_s6620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_n4620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_b630_49_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:altos_t110_f3:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m2120g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m4620:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m2120g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_x2611g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_1602m:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_n2620g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_x2611:-:*:*:*:*:*:*:* cpe:2.3:o:acer:ap130_f2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m4620g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_e430g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_u5-620_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_1600x:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_u5-620:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_n2620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m2110g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m6620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_e430:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_tc-120:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m2110g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_z3-615:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_1602m_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_s6620g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_tc-105_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_xc100:-:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_x4620g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_n4630g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_7600u_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_x1935_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_z2650g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:ap130_f2:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_xc600_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_7600u:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_tc-120_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_x6620g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_n4630g:-:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_xc600:-:*:*:*:*:*:*:* cpe:2.3:h:acer:veriton_m2611g:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_x3475_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:acer:aspire_tc-105:-:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_x3995_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:aspire_xc100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m2611g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:acer:veriton_m4620g_firmware:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-787 | |
| First Time |
Acer veriton M4620g Firmware
Acer aspire U5-620 Acer aspire Xc100 Acer aspire Tc-105 Acer aspire X3995 Acer aspire 1602m Firmware Acer aspire Z3-615 Acer aspire Xc600 Acer veriton S6620g Firmware Acer veriton B630 49 Firmware Acer veriton E430g Acer aspire Mc605 Firmware Acer veriton X4620g Firmware Acer veriton M2110g Acer veriton M2120g Acer aspire Xc600 Firmware Acer veriton X2611g Firmware Acer veriton S6620g Acer ap130 F2 Firmware Acer aspire Mc605 Acer veriton Z2650g Acer aspire Z3-615 Firmware Acer veriton X2611g Acer veriton N4620g Firmware Acer aspire X3475 Acer veriton M4620 Acer veriton M2611 Acer veriton Z2650g Firmware Acer veriton X2611 Acer veriton X2611 Firmware Acer veriton M2120g Firmware Acer veriton M2110g Firmware Acer aspire 7600u Acer aspire X3475 Firmware Acer veriton X6620g Firmware Acer veriton M2611 Firmware Acer veriton E430g Firmware Acer veriton M4620g Acer veriton N4630g Firmware Acer aspire 1600x Firmware Acer veriton X4620g Acer veriton M2611g Firmware Acer veriton N4620g Acer aspire X1935 Firmware Acer veriton E430 Acer veriton M4620 Firmware Acer veriton M6620g Acer aspire Tc-120 Firmware Acer veriton X6620g Acer aspire Tc-120 Acer aspire 7600u Firmware Acer Acer aspire U5-620 Firmware Acer veriton M2611g Acer aspire Tc-105 Firmware Acer aspire Xc100 Firmware Acer veriton N2620g Firmware Acer veriton M6620g Firmware Acer aspire X1935 Acer aspire 1600x Acer veriton E430 Firmware Acer aspire X3995 Firmware Acer altos T110 F3 Acer aspire 1602m Acer ap130 F2 Acer veriton N4630g Acer veriton B630 49 Acer veriton N2620g Acer altos T110 F3 Firmware |
|
| References | (MISC) http://acer.com - Vendor Advisory | |
| References | (MISC) http://altos.com - Broken Link | |
| References | (MISC) https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md - Exploit, Third Party Advisory |
23 Sep 2022, 04:21
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-09-23 00:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-30426
Mitre link : CVE-2022-30426
CVE.ORG link : CVE-2022-30426
JSON object : View
Products Affected
acer
- veriton_m2110g
- aspire_u5-620
- veriton_m2120g
- veriton_s6620g_firmware
- veriton_e430_firmware
- veriton_m2611
- veriton_m2611g_firmware
- veriton_m2110g_firmware
- veriton_b630_49_firmware
- aspire_1600x
- veriton_x2611
- aspire_x1935_firmware
- veriton_n4620g
- veriton_m4620g_firmware
- aspire_xc100_firmware
- veriton_x2611_firmware
- veriton_b630_49
- veriton_z2650g_firmware
- aspire_tc-120
- veriton_n2620g_firmware
- aspire_mc605_firmware
- veriton_m6620g
- aspire_tc-105_firmware
- aspire_7600u_firmware
- veriton_x6620g
- veriton_m2611g
- veriton_x2611g_firmware
- aspire_z3-615_firmware
- veriton_m2120g_firmware
- aspire_xc100
- altos_t110_f3_firmware
- ap130_f2
- veriton_e430g
- veriton_e430
- altos_t110_f3
- veriton_n4630g_firmware
- aspire_xc600
- veriton_m4620
- ap130_f2_firmware
- aspire_1600x_firmware
- veriton_x4620g_firmware
- veriton_z2650g
- veriton_e430g_firmware
- aspire_xc600_firmware
- veriton_s6620g
- aspire_mc605
- aspire_1602m_firmware
- veriton_n4630g
- aspire_tc-105
- veriton_m4620g
- veriton_x4620g
- veriton_x6620g_firmware
- aspire_x1935
- veriton_n4620g_firmware
- aspire_x3995_firmware
- aspire_x3995
- aspire_z3-615
- aspire_1602m
- veriton_x2611g
- aspire_7600u
- veriton_m6620g_firmware
- aspire_tc-120_firmware
- aspire_u5-620_firmware
- aspire_x3475_firmware
- veriton_m4620_firmware
- veriton_m2611_firmware
- aspire_x3475
- veriton_n2620g
CWE
CWE-787
Out-of-bounds Write