CVE-2022-43973 HIGH

CVE-2022-43973: Arbitrary code execution in Linksys WRT54GL

Vendor Linksys

Product WRT54GL Wireless-G Broadband Router

Weakness CWE-78

Published January 9, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.

Key dates

02Disclosure timeline

January 9, 2023 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43973 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2022-43973

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions