QwikSec

Security Database

CVE

CWE

Training

CVE-2008-6974

Published: Aug 14, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)

mailing-list

x_refsource_BUGTRAQ

20081210 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)

mailing-list

x_refsource_BUGTRAQ

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

x_refsource_MISC

20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)

mailing-list

x_refsource_BUGTRAQ

20081208 Multiple XSRF in DD-WRT (Remote Root Command Execution)

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.