CVE-2022-43972 - Vulnerability Details - OpenCVE

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linksys	Wrt54gl Wrt54gl Firmware

Configuration 1 [-]

AND

cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://youtu.be/73-1lhvJPNg
https://youtu.be/RfWVYCUBNZ0
https://youtu.be/TeWAmZaKQ_w

History

Wed, 09 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-01-09T00:00:00.000Z

Updated: 2025-04-09T14:22:24.605Z

Reserved: 2022-10-28T00:00:00.000Z

Link: CVE-2022-43972

Vulnrichment

Updated: 2024-08-03T13:47:05.079Z

NVD

Status : Modified

Published: 2023-01-09T21:15:10.920

Modified: 2024-11-21T07:27:27.420

Link: CVE-2022-43972

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43972", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "dateUpdated": "2025-04-09T14:22:24.605Z", "dateReserved": "2022-10-28T00:00:00.000Z", "datePublished": "2023-01-09T00:00:00.000Z"}, "containers": {"cna": {"title": "Null pointer dereference in Linksys WRT54GL", "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-01-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action."}], "affected": [{"vendor": "Linksys", "product": "WRT54GL Wireless-G Broadband Router", "versions": [{"version": "Firmware", "status": "affected", "lessThanOrEqual": "4.30.18.006", "versionType": "custom"}]}], "references": [{"url": "https://youtu.be/73-1lhvJPNg"}, {"url": "https://youtu.be/TeWAmZaKQ_w"}, {"url": "https://youtu.be/RfWVYCUBNZ0"}], "credits": [{"lang": "en", "value": "Jessie Chick of Trellix ARC"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "cweId": "CWE-476"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:05.079Z"}, "title": "CVE Program Container", "references": [{"url": "https://youtu.be/73-1lhvJPNg", "tags": ["x_transferred"]}, {"url": "https://youtu.be/TeWAmZaKQ_w", "tags": ["x_transferred"]}, {"url": "https://youtu.be/RfWVYCUBNZ0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T14:21:57.291460Z", "id": "CVE-2022-43972", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:22:24.605Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43972", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "dateUpdated": "2025-04-09T14:22:24.605Z", "dateReserved": "2022-10-28T00:00:00.000Z", "datePublished": "2023-01-09T00:00:00.000Z"}, "containers": {"cna": {"title": "Null pointer dereference in Linksys WRT54GL", "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-01-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action."}], "affected": [{"vendor": "Linksys", "product": "WRT54GL Wireless-G Broadband Router", "versions": [{"version": "Firmware", "status": "affected", "lessThanOrEqual": "4.30.18.006", "versionType": "custom"}]}], "references": [{"url": "https://youtu.be/73-1lhvJPNg"}, {"url": "https://youtu.be/TeWAmZaKQ_w"}, {"url": "https://youtu.be/RfWVYCUBNZ0"}], "credits": [{"lang": "en", "value": "Jessie Chick of Trellix ARC"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "cweId": "CWE-476"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:47:05.079Z"}, "title": "CVE Program Container", "references": [{"url": "https://youtu.be/73-1lhvJPNg", "tags": ["x_transferred"]}, {"url": "https://youtu.be/TeWAmZaKQ_w", "tags": ["x_transferred"]}, {"url": "https://youtu.be/RfWVYCUBNZ0", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T14:21:57.291460Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T14:22:08.769Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC08DC7C-7FBB-4CD6-89F1-7F4997BC9CAE", "versionEndIncluding": "4.30.18.006", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*", "matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action."}, {"lang": "es", "value": "Existe una vulnerabilidad de desreferencia de puntero nulo en el router Linksys WRT54GL Wireless-G Broadband con firmware <= 4.30.18.006. Un atacante no autenticado puede desencadenar una desreferencia de puntero nulo en la funci\u00f3n SOAP_action dentro del binario upnp a trav\u00e9s de una solicitud POST maliciosa que invoca la acci\u00f3n AddPortMapping."}], "id": "CVE-2022-43972", "lastModified": "2024-11-21T07:27:27.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-09T21:15:10.920", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/73-1lhvJPNg"}, {"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/RfWVYCUBNZ0"}, {"source": "trellixpsirt@trellix.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/TeWAmZaKQ_w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/73-1lhvJPNg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/RfWVYCUBNZ0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/TeWAmZaKQ_w"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}