| Max CVSS | 8.3 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-6975 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the
|
29-09-2017 - 01:33 | 14-08-2009 - 15:16 | |
| CVE-2008-6974 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2)
|
29-09-2017 - 01:33 | 14-08-2009 - 15:16 | |
| CVE-2009-2766 | 7.5 |
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
|
19-09-2017 - 01:29 | 14-08-2009 - 15:16 | |
| CVE-2009-2765 | 8.3 |
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
|
19-09-2017 - 01:29 | 14-08-2009 - 15:16 |