Vulnerabilities > CVE-2022-43972 - NULL Pointer Dereference vulnerability in Linksys Wrt54Gl Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

linksys

CWE-476

NVD

Published: 2023-01-09

Updated: 2023-01-13

Summary

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.

Vulnerable Configurations

Part	Description	Count
OS	Linksys Linksys Wrt54Gl Firmware *	1
Hardware	Linksys Linksys Wrt54Gl -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://youtu.be/73-1lhvJPNg
https://youtu.be/TeWAmZaKQ_w
https://youtu.be/RfWVYCUBNZ0