CVE-2020-13976
HIGH
DD-WRT < 16214 - Authenticated OS Command Injection via Diagnostic Ping Host Field
Title source: llmDescription
An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users.
References (1)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://svn.dd-wrt.com/ticket/7039
Scores
CVSS v3
8.8
EPSS
0.0177
EPSS Percentile
75.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
dd-wrt/dd-wrt
< 16214
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026