DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability

Summary
DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Impact
Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device.
Solution
Vendor fixes are available.
Insight
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Affected
DD-WRT v24-sp1 is affected; other versions may also be vulnerable.
Detection
Try to execute the 'id' command via an HTTP GET request.