CVE-2026-42800
Analyzed Analyzed - Analysis Complete

NULL pointer dereference in ASR1903 on ASR Lapwing_Linux

Vulnerability report for CVE-2026-42800, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-05-05

Assigner: ASR Microelectronics Co., Ltd.

Description

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-05-05
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
asrmicro asr1901_firmware to 1.225.003 (exc)
asrmicro asr1903_firmware to 1.225.003 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference issue found in the ASR1903 component of ASR Lapwing_Linux on Linux systems, specifically within the ims_client modules. It involves pointer manipulation in the program files located at sip/utils/src/sipuri.c.

Impact Analysis

Exploitation of this vulnerability can lead to a denial of service or potentially allow an attacker to manipulate the system's behavior. The CVSS score of 7.4 indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42800. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart