Back to search
CVE-2009-2766
Published: Aug 14, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
9209
exploit
x_refsource_EXPLOIT-DB
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now