Vulnerabilities > DD WRT
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-27631 | Out-of-bounds Write vulnerability in Dd-Wrt A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. | 9.8 |
2020-06-09 | CVE-2020-13976 | OS Command Injection vulnerability in Dd-Wrt 16214/24 An issue was discovered in DD-WRT through 16214. | 8.8 |
2020-02-06 | CVE-2012-6297 | Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt 24 Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. | 9.3 |
2009-08-14 | CVE-2009-2766 | Permissions, Privileges, and Access Controls vulnerability in Dd-Wrt 24 httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests. | 7.5 |
2009-08-14 | CVE-2009-2765 | Improper Input Validation vulnerability in Dd-Wrt httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI. | 8.3 |
2009-08-14 | CVE-2008-6975 | Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt 24 Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. | 6.8 |
2009-08-14 | CVE-2008-6974 | Cross-Site Request Forgery (CSRF) vulnerability in Dd-Wrt Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. | 6.8 |