Vulmon
dd-wrt dd-wrt vulnerabilities and exploits
605
VMScore
CVE-2020-13976
An issue exists in DD-WRT up to and including 16214. The Diagnostic page allows remote malicious users to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider th...
Dd-wrt Dd-wrt
NA
CVE-2022-27631
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Dd-wrt Dd-wrt
690
VMScore
CVE-2008-6974
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the ad...
Dd-wrt Dd-wrt
2 EDB exploits
845
VMScore
CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote malicious users to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Dd-wrt Dd-wrt
3 EDB exploits
828
VMScore
CVE-2012-6297
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
Dd-wrt Dd-wrt 24
755
VMScore
CVE-2009-2766
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote malicious users to change settings via HTTP requests.
Dd-wrt Dd-wrt 24
1 EDB exploit
690
VMScore
CVE-2008-6975
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentia...
Dd-wrt Dd-wrt 24
2 EDB exploits
NA
CVE-2021-27137
DD-WRT UPNP Buffer Overflow. DD-WRT “is Linux-based firmware for wireless routers and access points. Originally designed for the Linksys WRT54G series, it now runs on a wide variety of models”. Use of user-supplied data, arriving via UPNP packet, is copied into an ...