CVE-2009-2766

Name of the Vulnerable Software and Affected Versions DD-WRT version 24 sp1

Description The issue concerns the management GUI in DD-WRT, where the httpd.c in httpd does not require administrative authentication for programs under cgi-bin/. This allows remote attackers to change settings via HTTP requests.

Recommendations For DD-WRT version 24 sp1, consider restricting access to the cgi-bin/ directory until a patch is available. As a temporary workaround, limit the execution of programs under cgi-bin/ to only those that are necessary for the system's operation.