CVE-2022-30114

HIGH

Fastweb FASTGate FGA2130FWB < 18.3.n.0482 & DGA4131FWB < 18.3.n.0462 - Heap Overflow via HTTP

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-30114. PoCs published by str0ng4le.

AI-analyzed exploit summary This PoC exploits a heap-based buffer overflow in the 'cmproxy' executable of Fastweb FastGate routers by sending a crafted HTTP request with an oversized 'Authorization' header, causing a denial of service (reboot). The vulnerability is due to lack of input validation in the service exposed on TCP port 8888.

Description

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.

Exploits (1)

nomisec WORKING POC
by str0ng4le · poc
https://github.com/str0ng4le/CVE-2022-30114

This PoC exploits a heap-based buffer overflow in the 'cmproxy' executable of Fastweb FastGate routers by sending a crafted HTTP request with an oversized 'Authorization' header, causing a denial of service (reboot). The vulnerability is due to lack of input validation in the service exposed on TCP port 8888.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Fastweb FastGate (Technicolor MediaAccess FGA2130FWB/DGA4131FWB) versions 18.3.n.0482_FW_233_FGA2130 and below
No auth needed
Prerequisites: Network access to TCP port 8888 on the target device
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0240
EPSS Percentile 82.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (2)
fastweb/fastgate_gpon_fga2130fwb_firmware < 18.3.n.0482_fw_233_fga2130
fastweb/fastgate_vdsl2_dga4131fwb_firmware < 18.3.n.0482_fw_264_dga4131
Published May 19, 2023
Tracked Since Feb 18, 2026