Home page logo
/

bugtraq logo Bugtraq mailing list archives

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
From: cyoung () tripwire com
Date: Fri, 12 Jul 2013 00:04:50 GMT

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell 
meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the 
router as the root user. Successful exploitation can result in system wide compromise or a denial of service condition 
depending on the commands being injected.

This bug was reported via the DD-WRT bug tracker on November 20, 2012 but there does not appear to be ongoing 
development in the project.


  By Date           By Thread  

Current thread:
  • CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2 cyoung (Jul 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]