CVE-2022-27631

Name of the Vulnerable Software and Affected Versions DD-WRT versions Revision 32270 through Revision 48599

Description The issue is related to insufficient input validation in the httpd module of DD-WRT, which can be exploited by sending a specially-crafted HTTP request to execute arbitrary code. A memory corruption vulnerability exists in the httpd unescape functionality, allowing an attacker to trigger memory corruption by sending a network request.

Recommendations For DD-WRT versions Revision 32270 through Revision 48599, as a temporary workaround, consider restricting access to the httpd module until a patch is available. Avoid using the vulnerable httpd unescape functionality in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.