Описание
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Permissions Required
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:dd-wrt:dd-wrt:24:sp2:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00653
Низкий
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service.
EPSS
Процентиль: 70%
0.00653
Низкий
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-352