CVE-2022-43973 (GCVE-0-2022-43973)
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2025-04-09 14:20
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.
References
trellixpsirt@trellix.comhttps://youtu.be/73-1lhvJPNgExploit, Third Party Advisory
trellixpsirt@trellix.comhttps://youtu.be/RfWVYCUBNZ0Exploit, Third Party Advisory
trellixpsirt@trellix.comhttps://youtu.be/TeWAmZaKQ_wExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/73-1lhvJPNgExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/RfWVYCUBNZ0Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://youtu.be/TeWAmZaKQ_wExploit, Third Party Advisory
Impacted products
Vendor Product Version
Linksys WRT54GL Wireless-G Broadband Router Version: Firmware   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:47:04.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/73-1lhvJPNg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/TeWAmZaKQ_w"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/RfWVYCUBNZ0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T14:19:02.848808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T14:20:48.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRT54GL Wireless-G Broadband Router",
          "vendor": "Linksys",
          "versions": [
            {
              "lessThanOrEqual": "4.30.18.006",
              "status": "affected",
              "version": "Firmware",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jessie Chick of Trellix ARC"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-09T00:00:00.000Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "url": "https://youtu.be/73-1lhvJPNg"
        },
        {
          "url": "https://youtu.be/TeWAmZaKQ_w"
        },
        {
          "url": "https://youtu.be/RfWVYCUBNZ0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary code execution in Linksys WRT54GL",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2022-43973",
    "datePublished": "2023-01-09T00:00:00.000Z",
    "dateReserved": "2022-10-28T00:00:00.000Z",
    "dateUpdated": "2025-04-09T14:20:48.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43973\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2023-01-09T21:15:10.997\",\"lastModified\":\"2024-11-21T07:27:27.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el router Linksys WRT54GL Wireless-G Broadband con firmware \u0026lt;= 4.30.18.006. La funci\u00f3n Check_TSSI dentro del binario httpd utiliza entradas de usuario no validadas en la construcci\u00f3n de un comando del sistema. Un atacante autenticado con privilegios de administrador puede aprovechar esta vulnerabilidad en la red mediante una solicitud POST maliciosa a /apply.cgi para ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.30.18.006\",\"matchCriteriaId\":\"AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AA9149-2F72-4585-8A41-66AE3D573197\"}]}]}],\"references\":[{\"url\":\"https://youtu.be/73-1lhvJPNg\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/RfWVYCUBNZ0\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/TeWAmZaKQ_w\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/73-1lhvJPNg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/RfWVYCUBNZ0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://youtu.be/TeWAmZaKQ_w\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Arbitrary code execution in Linksys WRT54GL\", \"providerMetadata\": {\"orgId\": \"01626437-bf8f-4d1c-912a-893b5eb04808\", \"shortName\": \"trellix\", \"dateUpdated\": \"2023-01-09T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.\"}], \"affected\": [{\"vendor\": \"Linksys\", \"product\": \"WRT54GL Wireless-G Broadband Router\", \"versions\": [{\"version\": \"Firmware\", \"status\": \"affected\", \"lessThanOrEqual\": \"4.30.18.006\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://youtu.be/73-1lhvJPNg\"}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\"}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Jessie Chick of Trellix ARC\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\"}}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\", \"cweId\": \"CWE-78\"}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"source\": {\"discovery\": \"EXTERNAL\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:47:04.537Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://youtu.be/73-1lhvJPNg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://youtu.be/TeWAmZaKQ_w\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://youtu.be/RfWVYCUBNZ0\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43973\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-09T14:19:02.848808Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-09T14:20:33.563Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-43973\", \"assignerOrgId\": \"01626437-bf8f-4d1c-912a-893b5eb04808\", \"assignerShortName\": \"trellix\", \"dateUpdated\": \"2025-04-09T14:20:48.368Z\", \"dateReserved\": \"2022-10-28T00:00:00.000Z\", \"datePublished\": \"2023-01-09T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.