CVE-2022-43970 - Vulnerability Details - OpenCVE

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.03511.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Linksys	Wrt54gl Wrt54gl Firmware

Configuration 1 [-]

AND

cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-46938	A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w

History

Wed, 09 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-01-09T00:00:00.000Z

Updated: 2025-04-09T14:26:11.008Z

Reserved: 2022-10-28T00:00:00.000Z

Link: CVE-2022-43970

Vulnrichment

Updated: 2024-08-03T13:47:05.265Z

NVD

Status : Modified

Published: 2023-01-09T21:15:10.750

Modified: 2024-11-21T07:27:27.067

Link: CVE-2022-43970

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43970", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "dateUpdated": "2025-04-09T14:26:11.008Z", "dateReserved": "2022-10-28T00:00:00.000Z", "datePublished": "2023-01-09T00:00:00.000Z"}, "containers": {"cna": {"title": "Buffer overflow in Linksys WRT54GL", "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-01-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."}], "affected": [{"vendor": "Linksys", "product": "WRT54GL Wireless-G Broadband Router", "versions": [{"version": "Firmware", "status": "affected", "lessThanOrEqual": "4.30.18.006", "versionType": "custom"}]}], "references": [{"url": "https://youtu.be/73-1lhvJPNg"}, {"url": "https://youtu.be/TeWAmZaKQ_w"}, {"url": "https://youtu.be/RfWVYCUBNZ0"}], "credits": [{"lang": "en", "value": "Jessie Chick of Trellix ARC"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:05.265Z"}, "title": "CVE Program Container", "references": [{"url": "https://youtu.be/73-1lhvJPNg", "tags": ["x_transferred"]}, {"url": "https://youtu.be/TeWAmZaKQ_w", "tags": ["x_transferred"]}, {"url": "https://youtu.be/RfWVYCUBNZ0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T14:25:37.571154Z", "id": "CVE-2022-43970", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:26:11.008Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43970", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "dateUpdated": "2025-04-09T14:26:11.008Z", "dateReserved": "2022-10-28T00:00:00.000Z", "datePublished": "2023-01-09T00:00:00.000Z"}, "containers": {"cna": {"title": "Buffer overflow in Linksys WRT54GL", "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-01-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."}], "affected": [{"vendor": "Linksys", "product": "WRT54GL Wireless-G Broadband Router", "versions": [{"version": "Firmware", "status": "affected", "lessThanOrEqual": "4.30.18.006", "versionType": "custom"}]}], "references": [{"url": "https://youtu.be/73-1lhvJPNg"}, {"url": "https://youtu.be/TeWAmZaKQ_w"}, {"url": "https://youtu.be/RfWVYCUBNZ0"}], "credits": [{"lang": "en", "value": "Jessie Chick of Trellix ARC"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:05.265Z"}, "title": "CVE Program Container", "references": [{"url": "https://youtu.be/73-1lhvJPNg", "tags": ["x_transferred"]}, {"url": "https://youtu.be/TeWAmZaKQ_w", "tags": ["x_transferred"]}, {"url": "https://youtu.be/RfWVYCUBNZ0", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43970", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-09T14:25:37.571154Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:26:06.010Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE", "versionEndIncluding": "4.30.18.006", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n Start_EPI dentro del binario httpd permite a un atacante autenticado con privilegios de administrador ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root. Esta vulnerabilidad se puede activar a trav\u00e9s de la red mediante una solicitud POST maliciosa a /apply.cgi."}], "id": "CVE-2022-43970", "lastModified": "2024-11-21T07:27:27.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-09T21:15:10.750", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/73-1lhvJPNg"}, {"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/RfWVYCUBNZ0"}, {"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/TeWAmZaKQ_w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/73-1lhvJPNg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/RfWVYCUBNZ0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/TeWAmZaKQ_w"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}