CVE-2022-43973

Name of the Vulnerable Software and Affected Versions Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006

Description An arbitrary code execution issue exists due to the Check TSSI function within the httpd binary using unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can exploit this over the network via a malicious POST request to "/apply.cgi" to execute arbitrary commands on the underlying Linux operating system as root.

Recommendations For Linksys WRT54GL Wireless-G Broadband Router versions <= 4.30.18.006, consider disabling the Check TSSI function as a temporary workaround until a patch is available. Restrict access to the "/apply.cgi" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.