{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4737", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:15:54.004Z", "datePublished": "2026-03-24T03:16:22.292Z", "dateUpdated": "2026-03-24T14:35:46.646Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:16:22.292Z"}, "title": "Use-After-Free Vulnerability in No-Chicken/Echo-Mate", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free", "type": "CWE"}]}], "affected": [{"vendor": "No-Chicken", "product": "Echo-Mate", "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "modules": ["\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm"], "programFiles": ["rmap.c\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate (\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C\u200e.\n\nThis issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use After Free vulnerability in No-Chicken Echo-Mate (\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm modules).<p> This vulnerability is associated with program files rmap.C\u200e.</p><p>This issue affects Echo-Mate: before V250329.</p>"}]}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/9", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NEGLIGIBLE", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:35:39.935676Z", "id": "CVE-2026-4737", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:35:46.646Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4737", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T14:35:39.935676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:35:43.078Z"}}], "cna": {"title": "Use-After-Free Vulnerability in No-Chicken/Echo-Mate", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.3, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "No-Chicken", "modules": ["\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm"], "product": "Echo-Mate", "versions": [{"status": "affected", "version": "0", "lessThan": "V250329", "versionType": "git"}], "programFiles": ["rmap.c\u200e"], "collectionURL": "https://github.com/No-Chicken/Echo-Mate", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/No-Chicken/Echo-Mate/pull/9", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate (\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C\u200e.\n\nThis issue affects Echo-Mate: before V250329.", "supportingMedia": [{"type": "text/html", "value": "Use After Free vulnerability in No-Chicken Echo-Mate (\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm modules).<p> This vulnerability is associated with program files rmap.C\u200e.</p><p>This issue affects Echo-Mate: before V250329.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:16:22.292Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4737", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:35:46.646Z", "dateReserved": "2026-03-24T03:15:54.004Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T03:16:22.292Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in No-Chicken Echo-Mate (\u200eSDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C\u200e.\n\nThis issue affects Echo-Mate: before V250329."}, {"lang": "es", "value": "Vulnerabilidad de Uso Despu\u00e9s de Liberar en No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm m\u00f3dulos). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa rmap.C.\n\nEste problema afecta a Echo-Mate: antes de V250329."}], "id": "CVE-2026-4737", "lastModified": "2026-04-30T15:54:12.947", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:27.913", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/No-Chicken/Echo-Mate/pull/9"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,V250329)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Echo-Mate", "source": "cna", "vendor": "No-Chicken"}, "product": "echo-mate", "vendor": "no-chicken"}], "analysis": {"en": {"generated_at": "2026-03-24T04:50:44.535686+00:00", "value": {"mitigation_remediation": ["Upgrade Echo\u2011Mate firmware to version V250329 or later to apply the patch for the corrupted memory modules.", "If an upgrade cannot be performed immediately, consider disabling or removing the affected kernel module associated with rmap.C to limit the exploitation surface.", "Monitor device logs and network traffic for anomalous behavior that may indicate an attempt to leverage the use\u2011after\u2011free flaw, and reinforce access controls or network segmentation as defensive measures."], "summary": {"action": "Apply patch", "impact": "Use\u2011after\u2011free memory corruption"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to Echo\u2011Mate firmware versions earlier than V250329. All installations that include the affected kernel modules are impacted.", "description_and_impact": "A use\u2011after\u2011free defect exists in the kernel memory management modules of the No\u2011Chicken Echo\u2011Mate SDK, affecting the program files rmap.C. The flaw enables access to memory that has already been freed, which can lead to unexpected data manipulation or system instability.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high severity risk. No EPSS data or KEV listing is available, so the likelihood of proactive exploitation is unclear. The flaw resides in a kernel component, suggesting a local exploitation path; however, if the device is exposed to external networks, remote exploitation could be possible depending on additional access conditions."}}}}, "created": "2026-03-24T10:29:15.519245+00:00", "updated": "2026-03-25T20:40:20.758123+00:00", "vendors": ["no-chicken", "no-chicken$PRODUCT$echo-mate"]}