CVE

Id
37092  
CVE No.
CVE-2008-6975  
Status
Candidate  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.  
Phase
Assigned (20090814)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
403102 37092 CVE-2008-6975 BUGTRAQ:20081208 Multiple XSRF in DD-WRT (Remote Root Command Execution)  View
403103 37092 CVE-2008-6975 URL:http://www.securityfocus.com/archive/1/499024  View
403104 37092 CVE-2008-6975 BUGTRAQ:20081210 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)  View
403105 37092 CVE-2008-6975 URL:http://www.securityfocus.com/archive/1/499119  View
403106 37092 CVE-2008-6975 BUGTRAQ:20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)  View
403107 37092 CVE-2008-6975 URL:http://www.securityfocus.com/archive/1/499135  View
403108 37092 CVE-2008-6975 MILW0RM:9209  View
403109 37092 CVE-2008-6975 URL:http://www.milw0rm.com/exploits/9209  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
43323 JVNDB-2009-004330 phpAdultSite CMS の as_archives.php におけるクロスサイトスクリプティングの脆弱性 phpAdultSite CMS の as_archives.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-6979 37092 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004330.html  View