BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2 Jul 12 2013 12:04AM
cyoung tripwire com
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide com...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus