Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30426

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 68 products from acer, from acer, from acer and 65 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-09-23T00:15:09.747

Last Modified

2025-05-27T16:15:22.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-787
  • Type: Secondary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System acer altos_t110_f3_firmware < p13 Yes
Hardware acer altos_t110_f3 - No
Operating System acer ap130_f2_firmware < p04 Yes
Hardware acer ap130_f2 - No
Operating System acer aspire_1600x_firmware < p11.a3l Yes
Hardware acer aspire_1600x - No
Operating System acer aspire_1602m_firmware < p11.a3l Yes
Hardware acer aspire_1602m - No
Operating System acer aspire_7600u_firmware < p11.a4 Yes
Hardware acer aspire_7600u - No
Operating System acer aspire_mc605_firmware < p11.a4l Yes
Hardware acer aspire_mc605 - No
Operating System acer aspire_tc-105_firmware < p12.b0l Yes
Hardware acer aspire_tc-105 - No
Operating System acer aspire_tc-120_firmware < p11-a4 Yes
Hardware acer aspire_tc-120 - No
Operating System acer aspire_u5-620_firmware < p11.a1 Yes
Hardware acer aspire_u5-620 - No
Operating System acer aspire_x1935_firmware < p11.a3l Yes
Hardware acer aspire_x1935 - No
Operating System acer aspire_x3475_firmware < p11.a3l Yes
Hardware acer aspire_x3475 - No
Operating System acer aspire_x3995_firmware < p11.a3l Yes
Hardware acer aspire_x3995 - No
Operating System acer aspire_xc100_firmware < p11.b3 Yes
Hardware acer aspire_xc100 - No
Operating System acer aspire_xc600_firmware < p11.a4 Yes
Hardware acer aspire_xc600 - No
Operating System acer aspire_z3-615_firmware < p11.a2l Yes
Hardware acer aspire_z3-615 - No
Operating System acer veriton_b630_49_firmware < aap02sr Yes
Hardware acer veriton_b630_49 - No
Operating System acer veriton_e430g_firmware < p21.a1 Yes
Hardware acer veriton_e430g - No
Operating System acer veriton_e430_firmware < p11.a4 Yes
Hardware acer veriton_e430 - No
Operating System acer veriton_m2110g_firmware < p21.a3 Yes
Hardware acer veriton_m2110g - No
Operating System acer veriton_m2120g_firmware < p11-a3 Yes
Hardware acer veriton_m2120g - No
Operating System acer veriton_m2611g_firmware < p11-b0l Yes
Hardware acer veriton_m2611g - No
Operating System acer veriton_m2611_firmware < p11.b0 Yes
Hardware acer veriton_m2611 - No
Operating System acer veriton_m4620_firmware < p21.a3 Yes
Hardware acer veriton_m4620 - No
Operating System acer veriton_m4620g_firmware < p21.a3 Yes
Hardware acer veriton_m4620g - No
Operating System acer veriton_m6620g_firmware < p21.a0 Yes
Hardware acer veriton_m6620g - No
Operating System acer veriton_n2620g_firmware < p21.b0 Yes
Hardware acer veriton_n2620g - No
Operating System acer veriton_n4620g_firmware < p11.a2l Yes
Hardware acer veriton_n4620g - No
Operating System acer veriton_n4630g_firmware < p21.b0 Yes
Hardware acer veriton_n4630g - No
Operating System acer veriton_s6620g_firmware < p11.a1 Yes
Hardware acer veriton_s6620g - No
Operating System acer veriton_x2611g_firmware < p11.a4 Yes
Hardware acer veriton_x2611g - No
Operating System acer veriton_x2611_firmware < p11.a4 Yes
Hardware acer veriton_x2611 - No
Operating System acer veriton_x4620g_firmware < p11.a3 Yes
Hardware acer veriton_x4620g - No
Operating System acer veriton_x6620g_firmware < p11.a3 Yes
Hardware acer veriton_x6620g - No
Operating System acer veriton_z2650g_firmware < p21.a1 Yes
Hardware acer veriton_z2650g - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For acer's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.