Matt

DD-WRT 24-sp2 CSRF / Command Injection

Description : DD-WRT suffers from cross-site request forgery and remote command injection vulnerabilities.

Author : cyoung

Source : DD-WRT 24-sp2 CSRF / Command Injection - Packet Storm

Code :

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system-wide compromise or a denial of service condition depending on the commands being injected.

This bug was reported via the DD-WRT bug tracker on November 20, 2012 but there does not appear to be ongoing development in the project.
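
The mitigation for this class of bug, as an added example that is not DD-WRT code and not part of the original advisory: allowlist-validate each configuration value and pass it to the child process as a single argv element so no shell ever parses it. The names `config_value_is_safe` and `run_with_value`, the permitted character set and the 64-byte limit are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: allowlist check for one configuration value.
 * Only [A-Za-z0-9._:-] is accepted, so every shell meta-character
 * (; | & $ ` ( ) < > quotes, whitespace, newline) is rejected. */
int config_value_is_safe(const char *v, size_t max_len)
{
    size_t n;
    if (v == NULL || (n = strlen(v)) == 0 || n > max_len)
        return 0;
    if (v[0] == '-')            /* child would treat it as an option */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != ':' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: run prog with the value as one argv element.
 * No shell is involved, unlike system() on a formatted command string.
 * Returns the child's exit status, or -1 on rejection or failure. */
int run_with_value(const char *prog, const char *value)
{
    if (!config_value_is_safe(value, 64))   /* 64 is an assumed limit */
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)value, NULL };
        execv(prog, argv);
        _exit(127);             /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Validation belongs both where the value is saved from the web interface and again where it is consumed, since values already stored in configuration may predate the check.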
