CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48034
https://notcve.org/view.php?id=CVE-2023-48034
An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. Un problema descubierto en Acer Wireless Keyboard SK-9662 permite a un atacante en proximidad física descifrar pulsaciones de teclas inalámbricas e inyectar pulsaciones de teclas arbitrarias mediante el uso de un cifrado débil. • https://github.com/aprkr/CVE-2023-48034 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-40080
https://notcve.org/view.php?id=CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. • https://acer.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-40080/CVE-2022-40080.md • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4020 – Acer Aspire BIOS vulnerability
https://notcve.org/view.php?id=CVE-2022-4020
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable. Una vulnerabilidad en el controlador HQSwSmiDxe DXE en algunos dispositivos portátiles Acer de consumo puede permitir que un atacante con privilegios elevados modifique la configuración de arranque seguro UEFI modificando una variable NVRAM. • https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41415
https://notcve.org/view.php?id=CVE-2022-41415
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. Se ha detectado que Acer Altos W2000h-W570h F4 versión R01.03.0018, contiene un desbordamiento de pila en el componente RevserveMem. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de una inyección de shellcode diseñado en la variable NVRAM • http://acer.com http://altos.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-41415/CVE-2022-41415.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 1CVE-2022-30426
https://notcve.org/view.php?id=CVE-2022-30426
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir. Se presenta una vulnerabilidad de desbordamiento del búfer de la pila, que podría conllevar a una ejecución de código arbitrario en el controlador UEFI DXE de algunos productos Acer. Un ataque podría explotar esta vulnerabilidad para escalar el privilegio del anillo 3 al anillo 0, y secuestrar el flujo de control durante la ejecución de UEFI DXE. • http://acer.com http://altos.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md • CWE-787: Out-of-bounds Write •