NVD

Id
6706  
Name
CVE-2008-6975  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2009-08-14  
Modified Date
2009-08-18  
Seq
2008-6975  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
38439 6706 CVE-2008-6975 http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173  View
38440 6706 CVE-2008-6975 9209  View
38441 6706 CVE-2008-6975 20081208 Multiple XSRF in DD-WRT (Remote Root Command Execution)  View
38442 6706 CVE-2008-6975 20081210 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)  View
38443 6706 CVE-2008-6975 20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
42066 JVNDB-2009-003073 DD-WRT 24 sp2 の apply.cgi におけるクロスサイトリクエストフォージェリの脆弱性 DD-WRT 24 sp2 の apply.cgi には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2008-6975 37088 CVE-2008-6975 6706 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003073.html 2009-07-20 2012-06-26 View