CVE-2008-6974
- EPSS 4.68%
- Veröffentlicht 14.08.2009 15:16:27
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2)...
CVE-2008-6975
- EPSS 0.55%
- Veröffentlicht 14.08.2009 15:16:27
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the ...
CVE-2009-2765
- EPSS 91.68%
- Veröffentlicht 14.08.2009 15:16:27
- Zuletzt bearbeitet 09.04.2025 00:30:58
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
CVE-2009-2766
- EPSS 1.41%
- Veröffentlicht 14.08.2009 15:16:27
- Zuletzt bearbeitet 09.04.2025 00:30:58
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.