Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:LINUX:DD-WRT-MGMT-GUI |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
DD-WRT Management GUI HTTP Daemon Arbitrary Command Execution |
Release Date |
2012/08/24 |
Update Number |
2178 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: DD-WRT Management GUI HTTP Daemon Arbitrary Command Execution
This signature detects attempts to exploit a known vulnerability against httpd daemon in DD-WRT. A successful attack can lead to arbitrary code execution.
Extended Description
DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device. DD-WRT v24-sp1 is affected; other versions may also be vulnerable.
Affected Products
- Dd-wrt dd-wrt v24
- Dd-wrt dd-wrt v24-sp1
- Dd-wrt dd-wrt v24.sp1
References
- BugTraq: 94819
- BugTraq: 35742
- CVE: CVE-2009-2765
- CVE: CVE-2016-6277