CVE-2009-2766 - OpenCVE

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dd-wrt	Dd-wrt

Configuration 1 [-]

cpe:2.3:a:dd-wrt:dd-wrt:24:sp1:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173
http://www.exploit-db.com/exploits/9209

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-14T15:00:00

Updated: 2024-08-07T05:59:57.168Z

Reserved: 2009-08-14T00:00:00

Link: CVE-2009-2766

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-14T15:16:27.610

Modified: 2017-09-19T01:29:18.280

Link: CVE-2009-2766

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "9209", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9209"}, {"tags": ["x_refsource_MISC"], "url": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2766", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "9209", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9209"}, {"name": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173", "refsource": "MISC", "url": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:57.168Z"}, "title": "CVE Program Container", "references": [{"name": "9209", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9209"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2766", "datePublished": "2009-08-14T15:00:00", "dateReserved": "2009-08-14T00:00:00", "dateUpdated": "2024-08-07T05:59:57.168Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}