CVE-2022-30426

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.

Se presenta una vulnerabilidad de desbordamiento del búfer de la pila, que podría conllevar a una ejecución de código arbitrario en el controlador UEFI DXE de algunos productos Acer. Un ataque podría explotar esta vulnerabilidad para escalar el privilegio del anillo 3 al anillo 0, y secuestrar el flujo de control durante la ejecución de UEFI DXE. Esto afecta a versiones de firmware Altos T110 F3 versiones anteriores a P13 incluyéndola (más reciente) y AP130 F2 versiones anteriores a P04 incluyéndola (más reciente) y Aspire 1600X versiones anteriores a P11.A3L incluyéndola (más reciente) y Aspire 1602M versiones anteriores a P11.A3L incluyéndola (más reciente) y Aspire 7600U versiones anteriores a P11. A4 incluyéndola (más reciente) y Aspire MC605 versiones de firmware anteriores a P11.A4L incluyéndola (más reciente) y Aspire TC-105 versiones de firmware anteriores a P12.B0L incluyéndola (más reciente) y Aspire TC-120 versiones de firmware anteriores a P11-A4 incluyéndola (más reciente) y Aspire U5-620 versiones de firmware anteriores a P11.A1 incluyéndola (más reciente) y Aspire X1935 versiones de firmware anteriores a P11. A3L incluyéndola (más reciente) y Aspire X3475 versiones de firmware anteriores a P11.A3L incluyéndola (más reciente) y Aspire X3995 versiones de firmware anteriores a P11.A3L incluyéndola (más reciente) y Aspire XC100 versiones de firmware anteriores a P11.B3 incluyéndola (más reciente) y Aspire XC600 versiones de firmware anteriores a P11.A4 incluyéndola (más reciente) y Aspire Z3-615 versiones de firmware anteriores a P11. A2L incluyéndola (más reciente) y Veriton E430G versiones de firmware anteriores a P21.A1 incluyéndola (más reciente) y Veriton B630_49 versiones de firmware anteriores a AAP02SR incluyéndola (más reciente) y Veriton E430 versiones de firmware anteriores a P11.A4 incluyéndola (más reciente) y Veriton M2110G versiones de firmware anteriores a P21.A3 incluyéndola (más reciente) y Veriton M2120G fir.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2022-05-09 CVE Reserved
2022-09-22 CVE Published
2025-05-27 CVE Updated
2025-05-27 First Exploit
2025-06-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (3)

URL	Tag	Source
http://altos.com	Broken Link

URL	Date	SRC
https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md	2025-05-27

URL	Date	SRC

URL	Date	SRC
http://acer.com	2022-09-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Acer Search vendor "Acer"	Altos T110 F3 Firmware Search vendor "Acer" for product "Altos T110 F3 Firmware"	< p13 Search vendor "Acer" for product "Altos T110 F3 Firmware" and version " < p13"	-	Affected	in	Acer Search vendor "Acer"	Altos T110 F3 Search vendor "Acer" for product "Altos T110 F3"	-	-	Safe
Acer Search vendor "Acer"	Ap130 F2 Firmware Search vendor "Acer" for product "Ap130 F2 Firmware"	< p04 Search vendor "Acer" for product "Ap130 F2 Firmware" and version " < p04"	-	Affected	in	Acer Search vendor "Acer"	Ap130 F2 Search vendor "Acer" for product "Ap130 F2"	-	-	Safe
Acer Search vendor "Acer"	Aspire 1600x Firmware Search vendor "Acer" for product "Aspire 1600x Firmware"	< p11.a3l Search vendor "Acer" for product "Aspire 1600x Firmware" and version " < p11.a3l"	-	Affected	in	Acer Search vendor "Acer"	Aspire 1600x Search vendor "Acer" for product "Aspire 1600x"	-	-	Safe
Acer Search vendor "Acer"	Aspire 1602m Firmware Search vendor "Acer" for product "Aspire 1602m Firmware"	< p11.a3l Search vendor "Acer" for product "Aspire 1602m Firmware" and version " < p11.a3l"	-	Affected	in	Acer Search vendor "Acer"	Aspire 1602m Search vendor "Acer" for product "Aspire 1602m"	-	-	Safe
Acer Search vendor "Acer"	Aspire 7600u Firmware Search vendor "Acer" for product "Aspire 7600u Firmware"	< p11.a4 Search vendor "Acer" for product "Aspire 7600u Firmware" and version " < p11.a4"	-	Affected	in	Acer Search vendor "Acer"	Aspire 7600u Search vendor "Acer" for product "Aspire 7600u"	-	-	Safe
Acer Search vendor "Acer"	Aspire Mc605 Firmware Search vendor "Acer" for product "Aspire Mc605 Firmware"	< p11.a4l Search vendor "Acer" for product "Aspire Mc605 Firmware" and version " < p11.a4l"	-	Affected	in	Acer Search vendor "Acer"	Aspire Mc605 Search vendor "Acer" for product "Aspire Mc605"	-	-	Safe
Acer Search vendor "Acer"	Aspire Tc-105 Firmware Search vendor "Acer" for product "Aspire Tc-105 Firmware"	< p12.b0l Search vendor "Acer" for product "Aspire Tc-105 Firmware" and version " < p12.b0l"	-	Affected	in	Acer Search vendor "Acer"	Aspire Tc-105 Search vendor "Acer" for product "Aspire Tc-105"	-	-	Safe
Acer Search vendor "Acer"	Aspire Tc-120 Firmware Search vendor "Acer" for product "Aspire Tc-120 Firmware"	< p11-a4 Search vendor "Acer" for product "Aspire Tc-120 Firmware" and version " < p11-a4"	-	Affected	in	Acer Search vendor "Acer"	Aspire Tc-120 Search vendor "Acer" for product "Aspire Tc-120"	-	-	Safe
Acer Search vendor "Acer"	Aspire U5-620 Firmware Search vendor "Acer" for product "Aspire U5-620 Firmware"	< p11.a1 Search vendor "Acer" for product "Aspire U5-620 Firmware" and version " < p11.a1"	-	Affected	in	Acer Search vendor "Acer"	Aspire U5-620 Search vendor "Acer" for product "Aspire U5-620"	-	-	Safe
Acer Search vendor "Acer"	Aspire X1935 Firmware Search vendor "Acer" for product "Aspire X1935 Firmware"	< p11.a3l Search vendor "Acer" for product "Aspire X1935 Firmware" and version " < p11.a3l"	-	Affected	in	Acer Search vendor "Acer"	Aspire X1935 Search vendor "Acer" for product "Aspire X1935"	-	-	Safe
Acer Search vendor "Acer"	Aspire X3475 Firmware Search vendor "Acer" for product "Aspire X3475 Firmware"	< p11.a3l Search vendor "Acer" for product "Aspire X3475 Firmware" and version " < p11.a3l"	-	Affected	in	Acer Search vendor "Acer"	Aspire X3475 Search vendor "Acer" for product "Aspire X3475"	-	-	Safe
Acer Search vendor "Acer"	Aspire X3995 Firmware Search vendor "Acer" for product "Aspire X3995 Firmware"	< p11.a3l Search vendor "Acer" for product "Aspire X3995 Firmware" and version " < p11.a3l"	-	Affected	in	Acer Search vendor "Acer"	Aspire X3995 Search vendor "Acer" for product "Aspire X3995"	-	-	Safe
Acer Search vendor "Acer"	Aspire Xc100 Firmware Search vendor "Acer" for product "Aspire Xc100 Firmware"	< p11.b3 Search vendor "Acer" for product "Aspire Xc100 Firmware" and version " < p11.b3"	-	Affected	in	Acer Search vendor "Acer"	Aspire Xc100 Search vendor "Acer" for product "Aspire Xc100"	-	-	Safe
Acer Search vendor "Acer"	Aspire Xc600 Firmware Search vendor "Acer" for product "Aspire Xc600 Firmware"	< p11.a4 Search vendor "Acer" for product "Aspire Xc600 Firmware" and version " < p11.a4"	-	Affected	in	Acer Search vendor "Acer"	Aspire Xc600 Search vendor "Acer" for product "Aspire Xc600"	-	-	Safe
Acer Search vendor "Acer"	Aspire Z3-615 Firmware Search vendor "Acer" for product "Aspire Z3-615 Firmware"	< p11.a2l Search vendor "Acer" for product "Aspire Z3-615 Firmware" and version " < p11.a2l"	-	Affected	in	Acer Search vendor "Acer"	Aspire Z3-615 Search vendor "Acer" for product "Aspire Z3-615"	-	-	Safe
Acer Search vendor "Acer"	Veriton B630 49 Firmware Search vendor "Acer" for product "Veriton B630 49 Firmware"	< aap02sr Search vendor "Acer" for product "Veriton B630 49 Firmware" and version " < aap02sr"	-	Affected	in	Acer Search vendor "Acer"	Veriton B630 49 Search vendor "Acer" for product "Veriton B630 49"	-	-	Safe
Acer Search vendor "Acer"	Veriton E430g Firmware Search vendor "Acer" for product "Veriton E430g Firmware"	< p21.a1 Search vendor "Acer" for product "Veriton E430g Firmware" and version " < p21.a1"	-	Affected	in	Acer Search vendor "Acer"	Veriton E430g Search vendor "Acer" for product "Veriton E430g"	-	-	Safe
Acer Search vendor "Acer"	Veriton E430 Firmware Search vendor "Acer" for product "Veriton E430 Firmware"	< p11.a4 Search vendor "Acer" for product "Veriton E430 Firmware" and version " < p11.a4"	-	Affected	in	Acer Search vendor "Acer"	Veriton E430 Search vendor "Acer" for product "Veriton E430"	-	-	Safe
Acer Search vendor "Acer"	Veriton M2110g Firmware Search vendor "Acer" for product "Veriton M2110g Firmware"	< p21.a3 Search vendor "Acer" for product "Veriton M2110g Firmware" and version " < p21.a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton M2110g Search vendor "Acer" for product "Veriton M2110g"	-	-	Safe
Acer Search vendor "Acer"	Veriton M2120g Firmware Search vendor "Acer" for product "Veriton M2120g Firmware"	< p11-a3 Search vendor "Acer" for product "Veriton M2120g Firmware" and version " < p11-a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton M2120g Search vendor "Acer" for product "Veriton M2120g"	-	-	Safe
Acer Search vendor "Acer"	Veriton M2611g Firmware Search vendor "Acer" for product "Veriton M2611g Firmware"	< p11-b0l Search vendor "Acer" for product "Veriton M2611g Firmware" and version " < p11-b0l"	-	Affected	in	Acer Search vendor "Acer"	Veriton M2611g Search vendor "Acer" for product "Veriton M2611g"	-	-	Safe
Acer Search vendor "Acer"	Veriton M2611 Firmware Search vendor "Acer" for product "Veriton M2611 Firmware"	< p11.b0 Search vendor "Acer" for product "Veriton M2611 Firmware" and version " < p11.b0"	-	Affected	in	Acer Search vendor "Acer"	Veriton M2611 Search vendor "Acer" for product "Veriton M2611"	-	-	Safe
Acer Search vendor "Acer"	Veriton M4620 Firmware Search vendor "Acer" for product "Veriton M4620 Firmware"	< p21.a3 Search vendor "Acer" for product "Veriton M4620 Firmware" and version " < p21.a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton M4620 Search vendor "Acer" for product "Veriton M4620"	-	-	Safe
Acer Search vendor "Acer"	Veriton M4620g Firmware Search vendor "Acer" for product "Veriton M4620g Firmware"	< p21.a3 Search vendor "Acer" for product "Veriton M4620g Firmware" and version " < p21.a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton M4620g Search vendor "Acer" for product "Veriton M4620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton M6620g Firmware Search vendor "Acer" for product "Veriton M6620g Firmware"	< p21.a0 Search vendor "Acer" for product "Veriton M6620g Firmware" and version " < p21.a0"	-	Affected	in	Acer Search vendor "Acer"	Veriton M6620g Search vendor "Acer" for product "Veriton M6620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton N2620g Firmware Search vendor "Acer" for product "Veriton N2620g Firmware"	< p21.b0 Search vendor "Acer" for product "Veriton N2620g Firmware" and version " < p21.b0"	-	Affected	in	Acer Search vendor "Acer"	Veriton N2620g Search vendor "Acer" for product "Veriton N2620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton N4620g Firmware Search vendor "Acer" for product "Veriton N4620g Firmware"	< p11.a2l Search vendor "Acer" for product "Veriton N4620g Firmware" and version " < p11.a2l"	-	Affected	in	Acer Search vendor "Acer"	Veriton N4620g Search vendor "Acer" for product "Veriton N4620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton N4630g Firmware Search vendor "Acer" for product "Veriton N4630g Firmware"	< p21.b0 Search vendor "Acer" for product "Veriton N4630g Firmware" and version " < p21.b0"	-	Affected	in	Acer Search vendor "Acer"	Veriton N4630g Search vendor "Acer" for product "Veriton N4630g"	-	-	Safe
Acer Search vendor "Acer"	Veriton S6620g Firmware Search vendor "Acer" for product "Veriton S6620g Firmware"	< p11.a1 Search vendor "Acer" for product "Veriton S6620g Firmware" and version " < p11.a1"	-	Affected	in	Acer Search vendor "Acer"	Veriton S6620g Search vendor "Acer" for product "Veriton S6620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton X2611g Firmware Search vendor "Acer" for product "Veriton X2611g Firmware"	< p11.a4 Search vendor "Acer" for product "Veriton X2611g Firmware" and version " < p11.a4"	-	Affected	in	Acer Search vendor "Acer"	Veriton X2611g Search vendor "Acer" for product "Veriton X2611g"	-	-	Safe
Acer Search vendor "Acer"	Veriton X2611 Firmware Search vendor "Acer" for product "Veriton X2611 Firmware"	< p11.a4 Search vendor "Acer" for product "Veriton X2611 Firmware" and version " < p11.a4"	-	Affected	in	Acer Search vendor "Acer"	Veriton X2611 Search vendor "Acer" for product "Veriton X2611"	-	-	Safe
Acer Search vendor "Acer"	Veriton X4620g Firmware Search vendor "Acer" for product "Veriton X4620g Firmware"	< p11.a3 Search vendor "Acer" for product "Veriton X4620g Firmware" and version " < p11.a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton X4620g Search vendor "Acer" for product "Veriton X4620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton X6620g Firmware Search vendor "Acer" for product "Veriton X6620g Firmware"	< p11.a3 Search vendor "Acer" for product "Veriton X6620g Firmware" and version " < p11.a3"	-	Affected	in	Acer Search vendor "Acer"	Veriton X6620g Search vendor "Acer" for product "Veriton X6620g"	-	-	Safe
Acer Search vendor "Acer"	Veriton Z2650g Firmware Search vendor "Acer" for product "Veriton Z2650g Firmware"	< p21.a1 Search vendor "Acer" for product "Veriton Z2650g Firmware" and version " < p21.a1"	-	Affected	in	Acer Search vendor "Acer"	Veriton Z2650g Search vendor "Acer" for product "Veriton Z2650g"	-	-	Safe