First published: Mon Jan 09 2023(Updated: )
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.
Credit: trellixpsirt@trellix.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Wrt54gl Firmware | <=4.30.18.006 | |
Linksys WRT54GL | ||
All of | ||
Linksys Wrt54gl Firmware | <=4.30.18.006 | |
Linksys WRT54GL |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-43973.
The severity of CVE-2022-43973 is high, with a severity value of 7.2.
The affected software for CVE-2022-43973 is Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.
The vulnerability CVE-2022-43973 allows arbitrary code execution by exploiting the unvalidated user input in the Check_TSSI function within the httpd binary.
Yes, an authenticated attacker with administrator privileges is required to exploit CVE-2022-43973.