[Tfug] Critical flaw discovered in DD-WRT

Eric Gearhart eric at nixwizard.net
Fri Jul 24 07:38:27 MST 2009


I know at least a few folks on this list run DD-WRT (myself included)...

http://it.slashdot.org/story/09/07/24/1247212/Critical-Flaw-Discovered-In-DD-WRT

"As reported at www.miw0rm.com there is a vulnerability in the
http-server for the DD-WRT management GUI that can be used for
execution of an exploit to gain control over the router.

Note: The exploit can only be used directly from outside your network
over the internet if you have enabled remote Web GUI management in the
Administration tab. As immediate action please disable the remote Web
GUI management. But that limitation could be easily overridden by a
Cross-Site Request Forgery (CSRF) where a malicious website could
inject the exploit from inside the browser."

--
Eric
http://nixwizard.net



