Signature Detail

HTTP: DD-WRT Cross-Site Request Forgery

This signature detects attempts to exploit a known vulnerability in DD-WRT. An attacker may craft a url that when followed by a user can modify arbitrary records in the database, including user accounts and administrator privileges. A remote attacker can exploit this vulnerability by enticing a user to follow crafted URI, upon successful exploitation the attacker can login to the administrator console with the created account and execute commands with the privileges of the affected service.

Extended Description

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.

Affected Products

• dd-wrt up to 24 (sp1)

References

• CVE: CVE-2008-6974