What is CVE-2009-2765?

CVE-2009-2765 is a vulnerability in N/a. Published 2009-08-14.

Is CVE-2009-2765 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-2765

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

EPSS: 0.897 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

35742 (vdb-entry, x_refsource_BID)
9209 (exploit, x_refsource_EXPLOIT-DB)
www.dd-wrt.com/ (x_refsource_CONFIRM)
55990 (x_refsource_OSVDB, vdb-entry)
www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/ (x_refsource_MISC)
isc.sans.org/diary.html (x_refsource_MISC)
1022596 (vdb-entry, x_refsource_SECTRACK)
www.dd-wrt.com/phpBB2/viewtopic.php (x_refsource_MISC)
metasploit.com/svn/framework3/trunk/modules/exploits/linux/http/ddwrt_cgibin_ex… (x_refsource_MISC)

Frequently asked questions

What is CVE-2009-2765?: CVE-2009-2765 is a vulnerability in N/a. Published 2009-08-14.
Is CVE-2009-2765 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.