CVE-2020-13976
Last modified
CVE-2020-13976 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. EPSS estimates a 1.77% chance of exploitation in the next 30 days.
Description
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dd-Wrt | Dd-Wrt | <= 16214 |
References
- https://svn.dd-wrt.com/ticket/7039Exploit, Vendor Advisory
- https://svn.dd-wrt.com/ticket/7039Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-13976?
How severe is CVE-2020-13976?
How do I fix CVE-2020-13976?
Are you affected by CVE-2020-13976?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST