CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://youtu.be/73-1lhvJPNg	Exploit Third Party Advisory
https://youtu.be/RfWVYCUBNZ0	Exploit Third Party Advisory
https://youtu.be/TeWAmZaKQ_w	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*

History

13 Jan 2023, 14:19

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linksys:wrt54gl_firmware:::::::: cpe:2.3:h:linksys:wrt54gl:-:::::::*
CWE		CWE-787
References	~~(CONFIRM) https://youtu.be/73-1lhvJPNg -~~	(CONFIRM) https://youtu.be/73-1lhvJPNg - Exploit, Third Party Advisory
References	~~(CONFIRM) https://youtu.be/TeWAmZaKQ_w -~~	(CONFIRM) https://youtu.be/TeWAmZaKQ_w - Exploit, Third Party Advisory
References	~~(CONFIRM) https://youtu.be/RfWVYCUBNZ0 -~~	(CONFIRM) https://youtu.be/RfWVYCUBNZ0 - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
First Time		Linksys Linksys wrt54gl Firmware Linksys wrt54gl

09 Jan 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-09 21:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-43970

Mitre link : CVE-2022-43970

CVE.ORG link : CVE-2022-43970

JSON object : View

Products Affected

linksys

wrt54gl
wrt54gl_firmware

CWE

CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-43970", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-01-09T21:15:10.750", "references": [{"url": "https://youtu.be/73-1lhvJPNg", "tags": ["Exploit", "Third Party Advisory"], "source": "trellixpsirt@trellix.com"}, {"url": "https://youtu.be/RfWVYCUBNZ0", "tags": ["Exploit", "Third Party Advisory"], "source": "trellixpsirt@trellix.com"}, {"url": "https://youtu.be/TeWAmZaKQ_w", "tags": ["Exploit", "Third Party Advisory"], "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."}], "lastModified": "2023-01-13T14:19:16.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE", "versionEndIncluding": "4.30.18.006"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "trellixpsirt@trellix.com"}