1. Home
  2. CVE Database
  3. CVE-2022-43970
HIGH · 7.2

CVE-2022-43970

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allo...

Vulnerability Description

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LinksysWrt54Gl Firmware<= 4.30.18.006
LinksysWrt54Gl-

Related Weaknesses (CWE)

CWE-120CWE-787

References

FAQ

What is CVE-2022-43970?

CVE-2022-43970 is a vulnerability with a CVSS score of 7.2 (HIGH). A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allo...

How severe is CVE-2022-43970?

CVE-2022-43970 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43970?

Check the references section above for vendor advisories and patch information. Affected products include: Linksys Wrt54Gl Firmware, Linksys Wrt54Gl.