Vulnerability Details : CVE-2009-2765
Public exploit exists!
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Products affected by CVE-2009-2765
- cpe:2.3:a:dd-wrt:dd-wrt:*:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2765
92.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-2765
-
DD-WRT HTTP Daemon Arbitrary Command Execution
Disclosure Date: 2009-07-20First seen: 2020-04-26exploit/linux/http/ddwrt_cgibin_execThis module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account. Authors: - gat3way - hdm <x
CVSS scores for CVE-2009-2765
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST |
CWE ids for CVE-2009-2765
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2765
-
http://securitytracker.com/id?1022596
-
http://metasploit.com/svn/framework3/trunk/modules/exploits/linux/http/ddwrt_cgibin_exec.rb
Exploit
-
http://www.dd-wrt.com/
Patch;Vendor Advisory
-
http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/
-
http://www.securityfocus.com/bid/35742
DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection VulnerabilityExploit
-
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173
DD-WRT :: View topic - DD-WRT Root exploit posted todayExploit
-
http://www.exploit-db.com/exploits/9209
-
http://www.osvdb.org/55990
-
http://isc.sans.org/diary.html?storyid=6853
Patch
Jump to