Описание
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dd-wrt:dd-wrt:24:sp1:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01411
Низкий
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
EPSS
Процентиль: 80%
0.01411
Низкий
7.5 High
CVSS2
Дефекты
CWE-264