Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H, nft_byteorder.C, nft_meta.C.
This issue affects Echo-Mate: before V250329.
AnalysisAI
Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers with low privileges to achieve high-impact confidentiality, integrity, and availability violations through manipulation of nf_tables, nft_byteorder, or nft_meta components. The vulnerability requires local access and specific conditions to exploit but poses significant risk to system security with confirmed patch availability.
Technical ContextAI
The vulnerability resides in the Echo-Mate SDK's netfilter subsystem implementation within the Linux kernel include files. Specifically, the affected modules handle packet filtering and byte-order operations in the nftables framework. CWE-229 (Improper Handling of Values) indicates that the code fails to properly validate, sanitize, or process values before use, which in the context of netfilter operations could allow improper access to packet metadata or filter state. The CPE identifier cpe:2.3:a:no-chicken:echo-mate:*:*:*:*:*:*:*:* confirms the vulnerability spans all versions of Echo-Mate prior to the patched release V250329. Netfilter is a core kernel subsystem responsible for network packet processing, making this a privileged-level component.
RemediationAI
Upgrade No-Chicken Echo-Mate to version V250329 or later immediately, as the patch is available from the vendor. The recommended approach is to pull the latest changes from the official repository, particularly the netfilter module fixes, and rebuild the SDK. For systems unable to patch immediately, restrict network access to Echo-Mate deployments to trusted internal networks only, and apply additional packet filtering rules at the network boundary to limit exposure of any information disclosure vectors. Review the patch details at https://github.com/No-Chicken/Echo-Mate/pull/8 to understand the specific fixes applied. Post-upgrade, test the netfilter functionality in a staging environment before production deployment.
A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management
A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with
Same weakness CWE-229 – Improper Handling of Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14705
GHSA-j843-m256-pf25