← back
CVE-2008-6975

CVE-2008-6975

EPSS 1.3%
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/9209unverifiedexploitdbwww.exploit-db.com/exploits/7389unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/9209http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173http://www.securityfocus.com/archive/1/499024http://www.securityfocus.com/archive/1/499119http://www.securityfocus.com/archive/1/499135