CVE-2008-6975

DD-WRT 24 sp2 - Cross-Site Request Forgery via apply.cgi Parameters


Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6975. PoCs published by gat3way, Michael Brooks.

AI-analyzed exploit summary: This is a detailed technical analysis of CVE-2008-6975, a remote root vulnerability in DD-WRT's httpd server due to command injection and authentication bypass. The writeup explains the root cause, including lack of metacharacter handling and execution of commands without authentication.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.

Exploits (2)

exploitdb WRITEUP VERIFIED
by gat3way · text · remote · hardware
https://www.exploit-db.com/exploits/9209

This is a detailed technical analysis of CVE-2008-6975, a remote root vulnerability in DD-WRT's httpd server due to command injection and authentication bypass. The writeup explains the root cause, including lack of metacharacter handling and execution of commands without authentication.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: DD-WRT firmware (latest 24 sp1 version)
No auth needed
Prerequisites: Network access to the DD-WRT management web interface
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by Michael Brooks · html · remote · hardware
https://www.exploit-db.com/exploits/7389

This exploit leverages a command injection vulnerability in DD-WRT's apply.cgi to execute arbitrary commands as root, change admin credentials, and modify port forwarding rules. The PoC uses HTML forms with hidden inputs to trigger the vulnerability via CSRF.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: DD-WRT v24-sp1 (07/27/08) micro
No auth needed
Prerequisites: Network access to the DD-WRT web interface · Victim must visit the malicious HTML page or be subjected to CSRF
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9209
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499119
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499135
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499024

Scores

EPSS 0.0131
EPSS Percentile 66.9%

Details

CWE: CWE-352
Status: published
Products (1): dd-wrt/dd-wrt 24 sp2
Published: Aug 14, 2009
Tracked Since: Feb 18, 2026