Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/sipuri.c.
AnalysisAI
NULL pointer dereference in ASR Lapwing Linux's IMS client (sipuri.c) allows authenticated remote attackers to trigger service crashes and potentially execute code with changed scope. The vulnerability exists in the SIP URI parsing logic of the ASR1903 hardware platform's ims_client module. With CVSS 7.4 and scope change to Container, successful exploitation enables lateral impact beyond the vulnerable component. No CISA KEV listing or public exploit code identified at time of analysis, though EPSS data unavailable.
Technical ContextAI
This vulnerability affects the IMS (IP Multimedia Subsystem) client implementation in ASR Lapwing Linux, specifically within the SIP (Session Initiation Protocol) URI parsing routine in sip/utils/src/sipuri.c. CWE-476 (NULL Pointer Dereference) indicates the code fails to validate pointer values before dereferencing, causing the application to access memory at the null address when processing malformed SIP URIs. The ASR1903 appears to be a network routing/switching platform running a custom Linux distribution (Lapwing Linux) with telephony/VoIP capabilities. The CPE string indicates this is vendor-specific software from ASR Micro rather than a widely-used open-source SIP stack, limiting the scope to ASR hardware deployments. The scope change metric (S:C) in CVSS suggests the vulnerability crosses trust boundaries, potentially from IMS client context into system or kernel space.
RemediationAI
Consult the ASR Product Security Incident Response Team (PSIRT) advisory at https://www.asrmicro.com/en/goods/psirt?cid=44 for vendor-released patches or firmware updates for ASR1903 devices running Lapwing Linux. Exact fixed version not confirmed from available data-verify current patch status directly with ASR support. If patches are unavailable or cannot be immediately applied, implement these compensating controls: restrict network access to IMS client interfaces using firewall rules to trusted SIP trunks and authenticated peers only, reducing exposure to low-trust networks; disable IMS/VoIP functionality entirely on ASR1903 devices if not operationally required, eliminating the attack surface; implement strict authentication controls and monitor for suspicious SIP INVITE/REGISTER traffic patterns targeting the ims_client service; deploy network-based SIP application layer gateways to validate and sanitize SIP URIs before they reach vulnerable ASR devices, though this adds latency and complexity to VoIP call flows. Trade-offs: Disabling IMS breaks telephony features. Network filtering may block legitimate but non-standard SIP URI formats. Application gateways introduce single points of failure.
More in Lapwing Linux
View allOut-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lz
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with pr
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat mod
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Ex
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with p
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr compon
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26360