Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29551
HistoryJul 15, 2013 - 12:00 a.m.

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

2013-07-1500:00:00
vulners.com
88

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide compromise or a denial of service condition depending on the commands being injected.

This bug was reported via the DD-WRT bug tracker on November 20, 2012 but there does not appear to be ongoing development in the project.