CVE-2022-24702

CRITICAL

WinAPRS 2.9.0 - RCE

Title source: llm

Description

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploits (1)

nomisec WORKING POC 9 stars

by Coalfire-Research · poc

https://github.com/Coalfire-Research/WinAPRS-Exploits

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://winaprs.com/

[Exploit, Third Party Advisory] https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1

[Issue Tracking, Third Party Advisory] https://news.ycombinator.com/item?id=31571476

[Exploit, Third Party Advisory] https://github.com/Coalfire-Research/WinAPRS-Exploits

Scores

CVSS v3 9.8

EPSS 0.4009

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

winaprs/winaprs 2.9.0

Published Jun 02, 2022

Tracked Since Feb 18, 2026