{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4736", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:10:55.386Z", "datePublished": "2026-03-24T03:11:16.951Z", "dateUpdated": "2026-03-24T14:36:13.673Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:11:16.951Z"}, "title": "Math Issue in No-Chicken/Echo-Mate", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-229", "description": "CWE-229 Improper Handling of Values", "type": "CWE"}]}], "affected": [{"vendor": "No-Chicken", "product": "Echo-Mate", "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "modules": ["SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter"], "programFiles": ["nf_tables.h\u200e", "nft_byteorder.c\u200e", "nft_meta.c\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\n\nThis issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules).<p> This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.</p><p>This issue affects Echo-Mate: before V250329.</p>"}]}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/8", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NEGLIGIBLE", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:36:07.759008Z", "id": "CVE-2026-4736", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:36:13.673Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4736", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:36:07.759008Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:36:10.624Z"}}], "cna": {"title": "Math Issue in No-Chicken/Echo-Mate", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.3, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "No-Chicken", "modules": ["SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter"], "product": "Echo-Mate", "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "programFiles": ["nf_tables.h\u200e", "nft_byteorder.c\u200e", "nft_meta.c\u200e"], "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/8", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\n\nThis issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules).<p> This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.</p><p>This issue affects Echo-Mate: before V250329.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-229", "description": "CWE-229 Improper Handling of Values"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:11:16.951Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4736", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:36:13.673Z", "dateReserved": "2026-03-24T03:10:55.386Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T03:11:16.951Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\n\nThis issue affects Echo-Mate: before V250329."}, {"lang": "es", "value": "Vulnerabilidad de Manejo Inadecuado de Valores en No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter m\u00f3dulos). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa nf_tables.H, nft_byteorder.C, nft_meta.C.\n\nEste problema afecta a Echo-Mate: antes de V250329."}], "id": "CVE-2026-4736", "lastModified": "2026-04-30T15:54:12.947", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:26.287", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/No-Chicken/Echo-Mate/pull/8"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-229"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V250329)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Echo-Mate", "source": "cna", "vendor": "No-Chicken"}, "product": "echo-mate", "vendor": "no-chicken"}], "analysis": {"en": {"generated_at": "2026-03-24T05:22:20.171824+00:00", "value": {"mitigation_remediation": ["Upgrade Echo\u2011Mate firmware to version 250329 or later, or apply the patch referenced in the GitHub pull request.", "If an upgrade cannot be performed immediately, block or filter packets that could trigger the vulnerability at the network perimeter.", "Monitor system logs, kernel panic reports, and network traffic for anomalies that may indicate exploitation attempts.", "Stay alert for further security releases from No\u2011Chicken and apply them promptly."], "summary": {"action": "Immediate Patch", "impact": "Kernel privilege escalation or denial of service"}, "threat_synthesis": {"affected_systems": "All instances of No\u2011Chicken Echo\u2011Mate running firmware versions prior to V250329. No other vendors or products are listed as impacted by the CNA.", "description_and_impact": "The vulnerability resides in the netfilter packet\u2011filtering modules nf_tables.h, nft_byteorder.c, and nft_meta.c of No\u2011Chicken Echo\u2011Mate. Improper handling of values in these kernel sources can lead to out\u2011of\u2011bounds memory accesses or logic errors, as indicated by CWE\u2011229. An attacker could craft malicious network packets that trigger the fault, potentially causing the kernel to execute unintended code or crash, which could lead to privilege escalation or a denial\u2011of\u2011service of the device.", "risk_and_exploitability": "The CVSS score of 7.3 classifies this as a high\u2011severity flaw, and while it is not listed in CISA\u2019s KEV catalog, its presence in kernel space makes it critical. Because the EPSS score is unavailable, the actual exploitation likelihood cannot be quantified, but the vulnerability can be exercised remotely by sending crafted packets to the device\u2019s network interface. Administrators should treat it as a remote kernel exploitation risk."}}}}, "created": "2026-03-24T10:29:16.388696+00:00", "updated": "2026-03-25T20:40:21.650057+00:00", "vendors": ["no-chicken", "no-chicken$PRODUCT$echo-mate"]}