Vulnerability Details CVE-2022-27255
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.291
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2022-27255
- cpe:2.3:h:realtek:ecos_msdk:-
- cpe:2.3:h:realtek:ecos_rsdk:-
- cpe:2.3:o:realtek:ecos_msdk_firmware:4.9.4p1
- cpe:2.3:o:realtek:ecos_rsdk_firmware:1.5.7p1