CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-43972

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 72.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w
https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w

Products affected by CVE-2022-43972

Linksys » Wrt54gl » Version: N/A

cpe:2.3:h:linksys:wrt54gl:-
Linksys » Wrt54gl Firmware » Version: N/A

cpe:2.3:o:linksys:wrt54gl_firmware:-
Linksys » Wrt54gl Firmware » Version: 4.30.18.006

cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18.006

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43972

Products

Pricing

Contact Us