First published: Mon Jan 09 2023(Updated: )
A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.
Credit: trellixpsirt@trellix.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Wrt54gl Firmware | <=4.30.18.006 | |
Linksys WRT54GL | ||
All of | ||
Linksys Wrt54gl Firmware | <=4.30.18.006 | |
Linksys WRT54GL |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43972 is a null pointer dereference vulnerability in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.
The severity of CVE-2022-43972 is high with a CVSS score of 7.5.
CVE-2022-43972 affects Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.
An unauthenticated attacker can exploit CVE-2022-43972 by sending a malicious POST request invoking the AddPort function.
There is no information available on a fix for CVE-2022-43972 at the moment.