CVE-2020-13976

Name of the Vulnerable Software and Affected Versions DD-WRT versions through 16214

Description An issue in the Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. The issue requires administrative privileges and does not provide access beyond that already available to administrative users.

Recommendations For DD-WRT versions through 16214, as a temporary workaround, consider restricting access to the Diagnostic page to minimize the risk of exploitation. Avoid using shell metacharacters in the host field of the ping command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.