CVE-2012-6297

Name of the Vulnerable Software and Affected Versions: DD-WRT version 24-sp2

Description: A Command Injection issue exists due to a CSRF in DD-WRT, allowing a remote malicious user to cause a Denial of Service by using specially crafted configuration values that contain shell meta-characters.

Recommendations: For DD-WRT version 24-sp2, as a temporary workaround, consider restricting access to configuration values to minimize the risk of exploitation. Avoid using configuration values that contain shell meta-characters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.