Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2766

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2766
Last Modified 15 Aug 2009 12:00:00
Published 14 Aug 2009 11:16:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2766

Summary

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

Vulnerable Systems

Application

  • Dd-wrt 24


References

MILW0RM - 9209

MISC - http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173


Last Updated: 27 May 2016 10:51:01