Short Name |
HTTP:LINUX:DD-WRT-MGMT-GUI |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
DD-WRT Management GUI HTTP Daemon Arbitrary Command Execution |
Release Date |
2012/08/24 |
Update Number |
2178 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against httpd daemon in DD-WRT. A successful attack can lead to arbitrary code execution.
DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device. DD-WRT v24-sp1 is affected; other versions may also be vulnerable.