Summary
DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Impact
Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device.
Solution
Vendor fixes are available.
Insight
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Affected
DD-WRT v24-sp1 is affected; other versions may also be vulnerable.
Detection
Try to execute the 'id' command via an HTTP GET request.
Severity
CVSS Base Score: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Classification
- CVE: CVE-2009-2765