CVE-2022-43970 (GCVE-0-2022-43970)
Vulnerability from cvelistv5 – Published: 2023-01-09 00:00 – Updated: 2025-04-09 14:26
VLAI?
Title
Buffer overflow in Linksys WRT54GL
Summary
A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.
Severity ?
7.2 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linksys | WRT54GL Wireless-G Broadband Router |
Affected:
Firmware , ≤ 4.30.18.006
(custom)
|
Credits
Jessie Chick of Trellix ARC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:05.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"tags": [
"x_transferred"
],
"url": "https://youtu.be/RfWVYCUBNZ0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:25:37.571154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:26:11.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRT54GL Wireless-G Broadband Router",
"vendor": "Linksys",
"versions": [
{
"lessThanOrEqual": "4.30.18.006",
"status": "affected",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jessie Chick of Trellix ARC"
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://youtu.be/73-1lhvJPNg"
},
{
"url": "https://youtu.be/TeWAmZaKQ_w"
},
{
"url": "https://youtu.be/RfWVYCUBNZ0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Buffer overflow in Linksys WRT54GL",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2022-43970",
"datePublished": "2023-01-09T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2025-04-09T14:26:11.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.30.18.006\", \"matchCriteriaId\": \"AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04AA9149-2F72-4585-8A41-66AE3D573197\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de desbordamiento del b\\u00fafer en el router Linksys WRT54GL Wireless-G Broadband con firmware \u0026lt;= 4.30.18.006. Un desbordamiento de b\\u00fafer en la regi\\u00f3n stack de la memoria en la funci\\u00f3n Start_EPI dentro del binario httpd permite a un atacante autenticado con privilegios de administrador ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root. Esta vulnerabilidad se puede activar a trav\\u00e9s de la red mediante una solicitud POST maliciosa a /apply.cgi.\"}]",
"id": "CVE-2022-43970",
"lastModified": "2024-11-21T07:27:27.067",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2023-01-09T21:15:10.750",
"references": "[{\"url\": \"https://youtu.be/73-1lhvJPNg\", \"source\": \"trellixpsirt@trellix.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\", \"source\": \"trellixpsirt@trellix.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\", \"source\": \"trellixpsirt@trellix.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://youtu.be/73-1lhvJPNg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "trellixpsirt@trellix.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-43970\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2023-01-09T21:15:10.750\",\"lastModified\":\"2024-11-21T07:27:27.067\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de desbordamiento del b\u00fafer en el router Linksys WRT54GL Wireless-G Broadband con firmware \u0026lt;= 4.30.18.006. Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n Start_EPI dentro del binario httpd permite a un atacante autenticado con privilegios de administrador ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root. Esta vulnerabilidad se puede activar a trav\u00e9s de la red mediante una solicitud POST maliciosa a /apply.cgi.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.30.18.006\",\"matchCriteriaId\":\"AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AA9149-2F72-4585-8A41-66AE3D573197\"}]}]}],\"references\":[{\"url\":\"https://youtu.be/73-1lhvJPNg\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/RfWVYCUBNZ0\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/TeWAmZaKQ_w\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/73-1lhvJPNg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/RfWVYCUBNZ0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/TeWAmZaKQ_w\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Buffer overflow in Linksys WRT54GL\", \"providerMetadata\": {\"orgId\": \"01626437-bf8f-4d1c-912a-893b5eb04808\", \"shortName\": \"trellix\", \"dateUpdated\": \"2023-01-09T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.\"}], \"affected\": [{\"vendor\": \"Linksys\", \"product\": \"WRT54GL Wireless-G Broadband Router\", \"versions\": [{\"version\": \"Firmware\", \"status\": \"affected\", \"lessThanOrEqual\": \"4.30.18.006\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://youtu.be/73-1lhvJPNg\"}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\"}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Jessie Chick of Trellix ARC\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\"}}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\", \"cweId\": \"CWE-120\"}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"source\": {\"discovery\": \"EXTERNAL\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:47:05.265Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://youtu.be/73-1lhvJPNg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43970\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-09T14:25:37.571154Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-09T14:26:06.010Z\"}}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-43970\", \"assignerOrgId\": \"01626437-bf8f-4d1c-912a-893b5eb04808\", \"assignerShortName\": \"trellix\", \"dateUpdated\": \"2025-04-09T14:26:11.008Z\", \"dateReserved\": \"2022-10-28T00:00:00.000Z\", \"datePublished\": \"2023-01-09T00:00:00.000Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…