Vulnerability Description
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Wrt54Gl Firmware | <= 4.30.18.006 |
| Linksys | Wrt54Gl | - |
Related Weaknesses (CWE)
References
- https://youtu.be/73-1lhvJPNgExploitThird Party Advisory
- https://youtu.be/RfWVYCUBNZ0ExploitThird Party Advisory
- https://youtu.be/TeWAmZaKQ_wExploitThird Party Advisory
- https://youtu.be/73-1lhvJPNgExploitThird Party Advisory
- https://youtu.be/RfWVYCUBNZ0ExploitThird Party Advisory
- https://youtu.be/TeWAmZaKQ_wExploitThird Party Advisory
FAQ
What is CVE-2022-43973?
CVE-2022-43973 is a vulnerability with a CVSS score of 7.2 (HIGH). An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user inp...
How severe is CVE-2022-43973?
CVE-2022-43973 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43973?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys Wrt54Gl Firmware, Linksys Wrt54Gl.