Inquiry Regarding CVE-2009-2765 Patch and Product Status

[LA100ti]

Good morning,
Could you please confirm whether a patch is available for CVE-2009-2765 and/or if the affected product is currently End of Life (EoL) or End of Support (EoS)? We’ve seen reports indicating this vulnerability may have been targeted in recent exploitation events:
Fortinet Blog: ShadowV2 Casts a Shadow Over IoT Devices.
Thank you for your assistance.

[egc112]

That seems a bug from 16 years ago which was also taken care of 16 years ago: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=55173&postdays=0&postorder=asc&start=0
You were vulnerable if you had remote management turned on which even then was considered bad practice.

So not sure what this is about

[kernel-panic69]

Seems to be about folks running outdated versions of DD-WRT or other listed firmware in the CVE. Currently, the referenced code no longer exists in the httpd executable used in DD-WRT. In fact, the ONLY reference to cgi-bin is the paypal donation link in the webUI:

``david@sandie:$ cd DD-WRT/src/router/httpd
david@sandie:/DD-WRT/src/router/httpd$ grep -nHRI cgi-bin
visuals/dd-wrt.c:361: websWrite(wp, "<form action="https://www.paypal.com/cgi-bin/webscr\" method="post" target="_blank">");
david@sandie:~/DD-WRT/src/router/httpd$

[BrainSlayer]

closed since issue is refering to a 15 year old version and not valid