DD-WRT Info.live.htm Information Disclosure

low Nessus Plugin ID 51394

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of DD-WRT installed on the remote device allows an unauthenticated, remote attacker to retrieve sensitive information about the router itself and any attached hosts, such as geolocation information, IP addresses, MAC addresses and host names, even if remote administration is disabled.

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2010/Dec/651

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=84931

Plugin Details

Severity: Low

ID: 51394

File Name: ddwrt_info_live.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 12/30/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 3.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 12/26/2010

Reference Information

BID: 45598