Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
Jul 12 2013 12:04AM
cyoung tripwire com
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide com...
[ more ]
Copyright 2010, SecurityFocus