CVE-2022-3228 MEDIUM

CVE-2022-3228

Vendor Host Engineering
Product H0-ECOM100 Communications Module
Weakness CWE-121
Published October 28, 2022
Last update April 16, 2025

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive.

Key dates

02Disclosure timeline

October 28, 2022 CVE published
April 16, 2025 Record updated