Buffer overflow in Linksys WRT54GL

CVE-2022-43970

7.2HIGH

Key Information

Vendor: Linksys
Status: Wrt54gl Wireless-g Broadband Router
Vendor: CVE Published:; 9 January 2023

Summary

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

Affected Version(s)

WRT54GL Wireless-G Broadband Router <= 4.30.18.006

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 9, 2023
Vulnerability Reserved.
Oct 28, 2022

Collectors

NVD DatabaseMitre Database

Credit

Jessie Chick of Trellix ARC