Newtec NTC2218, NTC2250, and NTC2299 Buffer Overflow Vulnerability Allowing Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in Newtec NTC2218, NTC2250, and NTC2299 modems running Linux on PowerPC and ARM architectures. This vulnerability, which allows local execution of code and remote code inclusion, arises from the 'swdownload' binary module's 'parse_INFO' function. The function employs an unrestricted 'sscanf' to read data from incoming network packets into a statically sized buffer, creating a stack buffer overflow. The issue affects versions 1.0.1.1 through 2.2.6.19.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Newtec NTC2218, NTC2250, and NTC2299 Buffer Overflow Vulnerability Allowing Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating