CVE-2008-6974

EPSS 1.5%

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/9209unverified exploitdbwww.exploit-db.com/exploits/7389unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/9209 http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173 http://www.securityfocus.com/archive/1/499024 http://www.securityfocus.com/archive/1/499119 http://www.securityfocus.com/archive/1/499132 http://www.securityfocus.com/archive/1/499135