cnvd - cnvd-2025-01712

cnvd-2025-01712

Vulnerability from cnvd

Title: Linksys WRT54GL缓冲区溢出漏洞

Description:

Linksys WRT54GL是美国Linksys公司的一款无线路由器。

Linksys WRT54GL Wireless-G Broadband Router存在缓冲区溢出漏洞。该漏洞源于httpd 二进制文件中 Start_EPI 函数中在处理不受信任的输入时出现边界错误，攻击者可利用该漏洞以root身份在底层Linux操作系统上执行任意命令。

Severity: 高

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.linksys.com/

Reference: https://youtu.be/73-1lhvJPNg

Impacted products

Name
Linksys WRT54GL <=4.30.18.006

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-43970",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-43970"
    }
  },
  "description": "Linksys WRT54GL\u662f\u7f8e\u56fdLinksys\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nLinksys WRT54GL Wireless-G Broadband Router\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8ehttpd \u4e8c\u8fdb\u5236\u6587\u4ef6\u4e2d Start_EPI \u51fd\u6570\u4e2d\u5728\u5904\u7406\u4e0d\u53d7\u4fe1\u4efb\u7684\u8f93\u5165\u65f6\u51fa\u73b0\u8fb9\u754c\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u8eab\u4efd\u5728\u5e95\u5c42Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.linksys.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-01712",
  "openTime": "2025-01-15",
  "products": {
    "product": "Linksys WRT54GL \u003c=4.30.18.006"
  },
  "referenceLink": "https://youtu.be/73-1lhvJPNg",
  "serverity": "\u9ad8",
  "submitTime": "2023-01-11",
  "title": "Linksys WRT54GL\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2022-43970 (GCVE-0-2022-43970)

Vulnerability from cvelistv5

Published

2023-01-09 00:00

Modified

2025-04-09 14:26

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Summary

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.

References

▼	URL	Tags
	https://youtu.be/73-1lhvJPNg
	https://youtu.be/TeWAmZaKQ_w
	https://youtu.be/RfWVYCUBNZ0

Impacted products

	Vendor	Product	Version
	Linksys	WRT54GL Wireless-G Broadband Router	Version: Firmware <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:47:05.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/73-1lhvJPNg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/TeWAmZaKQ_w"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://youtu.be/RfWVYCUBNZ0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T14:25:37.571154Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T14:26:11.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRT54GL Wireless-G Broadband Router",
          "vendor": "Linksys",
          "versions": [
            {
              "lessThanOrEqual": "4.30.18.006",
              "status": "affected",
              "version": "Firmware",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jessie Chick of Trellix ARC"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware \u003c= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-09T00:00:00.000Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "url": "https://youtu.be/73-1lhvJPNg"
        },
        {
          "url": "https://youtu.be/TeWAmZaKQ_w"
        },
        {
          "url": "https://youtu.be/RfWVYCUBNZ0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Buffer overflow in Linksys WRT54GL",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2022-43970",
    "datePublished": "2023-01-09T00:00:00.000Z",
    "dateReserved": "2022-10-28T00:00:00.000Z",
    "dateUpdated": "2025-04-09T14:26:11.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted