CVE-2009-2766

DD-WRT 24 sp1 - Unauthenticated Settings Modification via cgi-bin/

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2766. PoCs published by gat3way.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2008-6975, a remote root vulnerability in DD-WRT's httpd server due to command injection and authentication bypass. The writeup explains the root cause, including lack of metacharacter handling and execution of commands without authentication.

Description

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.

Exploits (1)

exploitdb WRITEUP VERIFIED

by gat3way · textremotehardware

https://www.exploit-db.com/exploits/9209

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2008-6975, a remote root vulnerability in DD-WRT's httpd server due to command injection and authentication bypass. The writeup explains the root cause, including lack of metacharacter handling and execution of commands without authentication.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: DD-WRT firmware (latest 24 sp1 version)

No auth needed

Prerequisites: Network access to the DD-WRT management web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9209

Exploit x_refsource_misc

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173

Scores

EPSS 0.0513

EPSS Percentile 91.3%

Details

CWE

CWE-264

Status published

Products (1)

dd-wrt/dd-wrt 24 sp1

Published Aug 14, 2009

Tracked Since Feb 18, 2026