DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

An attacker can execute arbitrary code on the remote router.

Description :

The remote web server is vulnerable to a command injection attack that
may allow an attacker to execute arbitrary commands on the remote server
(usually with root privileges).
An attacker can exploit this flaw to take complete control of the
remote device.

See also :

http://www.dd-wrt.com/dd-wrtv3/index.php
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 40353 (ddwrt_cgibin_cmd_exec.nasl)

Bugtraq ID: 35742

CVE ID: CVE-2009-2765
