Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[CVE-2012-6297] DD-WRT v24-sp2 Command Injection
Oct 27 2013 06:23PM
Craig Young (vuln-report secur3 us)
Unfortunately command injections like the NETGEAR one Zachary Cutlip
and I both came across are all too common in embedded systems.
Similar to NETGEAR and Linksys having commands injected when running
ping, I have also noticed that DD-WRT v24-sp2 is prone to command
injection from specially crafted...
[ more ]
Copyright 2010, SecurityFocus