vendor:
Wireless Gateways
by:
gat3way, hdm
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: Wireless Gateways
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2009-2765
CPE: N/A
Metasploit:
N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=40353, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/linux/http/ddwrt_cgibin_exec, https://www.infosecmatter.com/nessus-plugin-library/?id=63402, https://www.infosecmatter.com/nessus-plugin-library/?id=156994, https://www.infosecmatter.com/list-of-metasploit-linux-exploits-detailed-spreadsheet/
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2009
DD-WRT HTTP Daemon Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account.
Mitigation:
Ensure that user input is properly validated and sanitized before being used in a command.