Vulmon
dd-wrt dd-wrt vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-13976
An issue exists in DD-WRT up to and including 16214. The Diagnostic page allows remote malicious users to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider th...
Dd-wrt Dd-wrt
9.8
CVSSv3
CVE-2022-27631
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Dd-wrt Dd-wrt
NA
CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote malicious users to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
Dd-wrt Dd-wrt
3 EDB exploits
NA
CVE-2008-6974
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the ad...
Dd-wrt Dd-wrt
2 EDB exploits
8.8
CVSSv3
CVE-2012-6297
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
Dd-wrt Dd-wrt 24
NA
CVE-2008-6975
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote malicious users to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentia...
Dd-wrt Dd-wrt 24
2 EDB exploits
NA
CVE-2009-2766
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote malicious users to change settings via HTTP requests.
Dd-wrt Dd-wrt 24
1 EDB exploit
NA
CVE-2021-27137
DD-WRT UPNP Buffer Overflow. DD-WRT is “Linux-based firmware for wireless routers and access points. Originally designed for the Linksys WRT54G series, it now runs on a wide variety of models”. Use of user supplied data, arriving via UPNP packet, is copied into an ...