Test ID: | 1.3.6.1.4.1.25623.1.0.103792 |
Category: | Web application abuses |
Title: | DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability |
Summary: | DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. |
Description: |
Summary: DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
Vulnerability Insight: httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Vulnerability Impact: Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device.
Affected Software/OS: DD-WRT v24-sp1 is affected. Other versions may also be vulnerable.
Solution: Vendor fixes are available.
CVSS Score: 8.3
CVSS Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2765
BugTraq ID: 35742
http://www.securityfocus.com/bid/35742
http://www.exploit-db.com/exploits/9209
http://isc.sans.org/diary.html?storyid=6853
http://metasploit.com/svn/framework3/trunk/modules/exploits/linux/http/ddwrt_cgibin_exec.rb
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173
http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/
http://www.osvdb.org/55990
http://securitytracker.com/id?1022596 |
Copyright | Copyright (C) 2013 Greenbone AG |