CVE-2026-42800
Analyzed Analyzed - Analysis Complete
NULL pointer dereference in ASR1903 on ASR Lapwing_Linux

Publication date: 2026-04-30

Last updated on: 2026-05-05

Assigner: ASR Microelectronics Co., Ltd.

Description
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42800
EUVD
EUVD-2026-26360
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
asrmicro asr1901_firmware to 1.225.003 (exc)
asrmicro asr1903_firmware to 1.225.003 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference issue found in the ASR1903 component of ASR Lapwing_Linux on Linux systems, specifically within the ims_client modules. It involves pointer manipulation in the program files located at sip/utils/src/sipuri.c.

Impact Analysis

Exploitation of this vulnerability can lead to a denial of service or potentially allow an attacker to manipulate the system's behavior. The CVSS score of 7.4 indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42800. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart