CVE-2009-2765

Exploit

EPSS 82.5%
Veröffentlicht 14.08.2009 15:16:27
Zuletzt bearbeitet 16.06.2026 23:10:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dd-wrt ≫ Dd-wrt Updatesp1 Version <= 24

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	82.5%	0.996

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

Exploit

http://isc.sans.org/diary.html?storyid=6853

Patch

http://metasploit.com/svn/framework3/trunk/modules/exploits/linux/http/ddwrt_cgibin_exec.rb

Exploit

http://securitytracker.com/id?1022596

http://www.dd-wrt.com/

Patch

Vendor Advisory

http://www.exploit-db.com/exploits/9209

http://www.osvdb.org/55990

http://www.securityfocus.com/bid/35742

Exploit

http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/

https://nvd.nist.gov/vuln/detail/CVE-2009-2765

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2765

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2765

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2009-2765