CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-43973

An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.9%

CVSS Severity

CVSS v3 Score 7.2

References

https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w
https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w

Products affected by CVE-2022-43973

Linksys » Wrt54gl » Version: N/A

cpe:2.3:h:linksys:wrt54gl:-
Linksys » Wrt54gl Firmware » Version: N/A

cpe:2.3:o:linksys:wrt54gl_firmware:-
Linksys » Wrt54gl Firmware » Version: 4.30.18.006

cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18.006

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43973

Products

Pricing

Contact Us