DD-WRT Vulnerability

Published: 2009-07-22
Last Updated: 2009-07-22 20:43:54 UTC
by Chris Carboni (Version: 1)
2 comment(s)

Paul wrote in to let us know about a new vulnerability in DD-WRT that was being reported in the Register at http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/.

DD-WRT runs on routers by Linksys, D-Link Buffalo, ASUS and well as other routers.  The complete list can be found at http://www.dd-wrt.com/wiki/index.php/Supported_Devices

This vulnerability will allow an attacker to run programs with root priviledges on a vulnerable router.

More information can be found on the DD-WRT Forum at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173&postdays=0&postorder=asc&start=0

Christopher Carboni - Handler On Duty

Keywords:
2 comment(s)

Comments

The following note is on the www.dd-wrt.com website:

Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.

Links to updated software/firmware:

http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F07-21-09-r12533/
It looks as though my router has been comprimised, and they disabled the Administration page by deleting files. My Management.asp is now ust some rudimentary data with no ability to save any changes (not that you'd know what they were.

I guess I'll be spending my evening upgrading!

Diary Archives