CVE-2008-6974
Last modified
CVE-2008-6974 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.. EPSS estimates a 1.45% chance of exploitation in the next 30 days.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Dd-Wrt | Dd-Wrt | <= 24 | Sp1 |
References
- http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173Exploit, Vendor Advisory
- http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-6974?
How severe is CVE-2008-6974?
How do I fix CVE-2008-6974?
Are you affected by CVE-2008-6974?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST