CVE-2009-2765

EXPLOITED

DD-WRT < 24 - Remote Code Execution via CGI-BIN URI Shell Metacharacters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2009-2765 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, gat3way, H D Moore, including a Metasploit module exploits/linux/http/ddwrt_cgibin_exec.

AI-analyzed exploit summary This Metasploit module exploits a metacharacter injection vulnerability in DD-WRT's HTTP management server, allowing unauthenticated arbitrary command execution as root via a crafted GET request to the cgi-bin endpoint.

Description

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappscgi
https://www.exploit-db.com/exploits/16856

This Metasploit module exploits a metacharacter injection vulnerability in DD-WRT's HTTP management server, allowing unauthenticated arbitrary command execution as root via a crafted GET request to the cgi-bin endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DD-WRT (HTTP management server)
No auth needed
Prerequisites: Network access to the DD-WRT management interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by gat3way · textremotehardware
https://www.exploit-db.com/exploits/9209

This is a detailed technical analysis of CVE-2008-6975, a remote root vulnerability in DD-WRT's httpd server due to command injection and authentication bypass. The writeup explains the root cause, including lack of metacharacter handling and execution of commands without authentication.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DD-WRT firmware (latest 24 sp1 version)
No auth needed
Prerequisites: Network access to the DD-WRT management web interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · rubyremotelinux
https://www.exploit-db.com/exploits/10030

This Metasploit module exploits a command injection vulnerability in DD-WRT's HTTP management server (CVE-2009-2765) by injecting arbitrary commands via a malformed GET request. The payload is encoded and executed as root without authentication.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DD-WRT (HTTP management server)
No auth needed
Prerequisites: Network access to the DD-WRT HTTP management interface (port 80)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by gat3way, hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ddwrt_cgibin_exec.rb

This Metasploit module exploits a metacharacter injection vulnerability in DD-WRT's HTTP management server, allowing unauthenticated remote command execution as root via a crafted GET request to the cgi-bin endpoint.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: DD-WRT (multiple versions, likely pre-2009)
No auth needed
Prerequisites: Network access to the DD-WRT management interface · Vulnerable DD-WRT firmware version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35742
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9209
Patch, Vendor Advisory x_refsource_confirm
http://www.dd-wrt.com/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/55990
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022596

Scores

EPSS 0.8967
EPSS Percentile 99.6%

Details

VulnCheck KEV 2019-06-13
CWE
CWE-20
Status published
Products (1)
dd-wrt/dd-wrt < 24
Published Aug 14, 2009
Tracked Since Feb 18, 2026