3 matches found
CVE-2012-6297
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service...
CVE-2012-6297
CVE-2012-6297 concerns DD-WRT v24-sp2, where a CSRF flaw allows command injection via specially crafted configuration values containing shell meta-characters. The vulnerability enables a remote attacker (authenticated client) to execute commands as root, with potential system-wide compromise or a...
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...