CVE-2026-42800
Analyzed
Analyzed - Analysis Complete
NULL pointer dereference in ASR1903 on ASR Lapwing_Linux
Publication date: 2026-04-30
Last updated on: 2026-05-05
Assigner: ASR Microelectronics Co., Ltd.
Description
Description
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/sipuri.c.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asrmicro | asr1901_firmware | to 1.225.003 (exc) |
| asrmicro | asr1903_firmware | to 1.225.003 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference issue found in the ASR1903 component of ASR Lapwing_Linux on Linux systems, specifically within the ims_client modules. It involves pointer manipulation in the program files located at sip/utils/src/sipuri.c.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a denial of service or potentially allow an attacker to manipulate the system's behavior. The CVSS score of 7.4 indicates a high severity with impacts on confidentiality, integrity, and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70