Lucene search

[email protected]CVE-2009-2766

HistoryAug 14, 2009 - 3:16 p.m.

CVE-2009-2766

2009-08-1415:16:27

CWE-264

[email protected]

web.nvd.nist.gov

dd-wrt

24 sp1

httpd

management gui

remote attackers

settings

http requests

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

Affected configurations

NVD

Node

dd-wrtdd-wrtMatch24sp1

CPENameOperatorVersion
dd-wrt:dd-wrtdd-wrteq24

CPE	Name	Operator	Version
dd-wrt:dd-wrt	dd-wrt	eq	24

References

www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

www.exploit-db.com/exploits/9209

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2009-2766

prion1 nvd1 cvelist1