FKIE_CVE-2022-43973

Vulnerability from fkie_nvd - Published: 2023-01-09 21:15 - Updated: 2024-11-21 07:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.
References
trellixpsirt@trellix.comhttps://youtu.be/73-1lhvJPNgExploit, Third Party Advisory
trellixpsirt@trellix.comhttps://youtu.be/RfWVYCUBNZ0Exploit, Third Party Advisory
trellixpsirt@trellix.comhttps://youtu.be/TeWAmZaKQ_wExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/73-1lhvJPNgExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/RfWVYCUBNZ0Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/TeWAmZaKQ_wExploit, Third Party Advisory
Impacted products
Vendor Product Version
linksys wrt54gl_firmware *
linksys wrt54gl -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE",
              "versionEndIncluding": "4.30.18.006",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el router Linksys WRT54GL Wireless-G Broadband con firmware \u0026lt;= 4.30.18.006. La funci\u00f3n Check_TSSI dentro del binario httpd utiliza entradas de usuario no validadas en la construcci\u00f3n de un comando del sistema. Un atacante autenticado con privilegios de administrador puede aprovechar esta vulnerabilidad en la red mediante una solicitud POST maliciosa a /apply.cgi para ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root."
    }
  ],
  "id": "CVE-2022-43973",
  "lastModified": "2024-11-21T07:27:27.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-09T21:15:10.997",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/73-1lhvJPNg"
    },
    {
      "source": "trellixpsirt@trellix.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/RfWVYCUBNZ0"
    },
    {
      "source": "trellixpsirt@trellix.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/TeWAmZaKQ_w"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/73-1lhvJPNg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/RfWVYCUBNZ0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://youtu.be/TeWAmZaKQ_w"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "trellixpsirt@trellix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.