Null pointer dereference in Linksys WRT54GL

CVE-2022-43972

6.5MEDIUM

Key Information

Vendor
Linksys
Status
Wrt54gl Wireless-g Broadband Router
Vendor
CVE Published:
9 January 2023

Summary

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.

Affected Version(s)

WRT54GL Wireless-G Broadband Router <= 4.30.18.006

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Jessie Chick of Trellix ARC
.