PT-2023-14412 · Linksys · Linksys Wrt54Gl Wireless-G Broadband Router
Jessie Chick · Published 2023-01-09 · Updated 2023-01-13
CVE-2022-43970
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006
Description
A buffer overflow issue exists, allowing an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This can be triggered over the network via a malicious POST request to the /apply.cgi endpoint. The vulnerability is specifically related to a stack-based buffer overflow in the Start EPI function within the httpd binary.
Recommendations
For versions <= 4.30.18.006, as a temporary workaround, consider restricting access to the /apply.cgi endpoint until a patch is available. Additionally, limiting administrator privileges can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Buffer Overflow
Related Identifiers
Affected Products
Linksys Wrt54Gl Wireless-G Broadband Router