Critical Flaw in DD-WRT

Thanks for the post ... I have a dozen or so routers to update.

FTA - you are only vulnerable if you have remote web management enabled.
 
Even with remote web management enabled, an attacker can use a fake link like "http://192.168.1.1/cgi-bin/DOAHACK" to get started.
 
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As an immediate action, please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSRF) where a malicious website could inject the exploit from inside the browser.

https://secure.dshield.org/diary.html?storyid=6853
 
Ouch, I'm still running V24 RC-7 (build 9433)... not sure if I'm affected but I guess it doesn't hurt to update.
 
Quote:
Ouch, I'm still running V24 RC-7 (build 9433)... not sure if I'm affected but I guess it doesn't hurt to update.

You can use
Code:
http://192.168.1.1/cgi-bin/;reboot
to test. It will reboot your router, though!
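The `;reboot` test above and the advisory's CSRF note describe one bug class: a request path that ends up in a shell command, so the `;` terminates the intended command and whatever follows runs as the httpd user. The following is an added illustration, not DD-WRT's code: a deliberately vulnerable dispatcher that assembles the command the way the thread's test implies, next to a hardened one that allowlists the script name and execs it without any shell. The `/www/cgi-bin/` directory, the 64-character name limit and the `;echo injected` request are assumptions constructed for the example. Note that the server sees exactly the same request whether the user typed the URL or a malicious page loaded it in an image tag, which is why a LAN-only restriction is no fix and the validation has to happen server-side.

```c
/* Added example: NOT DD-WRT's httpd code. Demonstrates the bug class
 * (request path handed to a shell) beside a hardened dispatcher.
 * CGI_DIR and the 64-char limit are assumptions for this example. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define CGI_DIR "/www/cgi-bin/"   /* assumed location, not DD-WRT's */
#define MAX_CGI_NAME 64           /* assumed limit for this example */

/* Vulnerable pattern: builds "CGI_DIR<name>" for system(). With the
 * name ";reboot" the shell sees "/www/cgi-bin/;reboot": the first word
 * fails (it is a directory), then "reboot" runs as the httpd user.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_vulnerable_command(const char *req_name, char *cmd, size_t cmd_len) {
    int n = snprintf(cmd, cmd_len, "%s%s", CGI_DIR, req_name);
    return (n >= 0 && (size_t)n < cmd_len) ? 0 : -1;
}

/* Hardened check: accept only a plain script name. Rejects empty or
 * overlong names, a leading dot (hides "..", dotfiles), path separators
 * and every shell metacharacter, because only [A-Za-z0-9_.-] pass. */
int cgi_name_is_safe(const char *req_name) {
    size_t len = strlen(req_name);
    if (len == 0 || len > MAX_CGI_NAME) return 0;
    if (req_name[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)req_name[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.')) return 0;
    }
    return 1;
}

/* Hardened dispatch: validated name, fork + execv, no shell anywhere.
 * Returns -1 if the name is rejected or fork fails, else the child's
 * exit status (127 when the script does not exist). */
int run_cgi_safely(const char *req_name) {
    if (!cgi_name_is_safe(req_name)) return -1;
    char path[sizeof(CGI_DIR) + MAX_CGI_NAME];
    snprintf(path, sizeof path, "%s%s", CGI_DIR, req_name);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { path, NULL };
        execv(path, argv);   /* a ';' here would just be a byte in a filename */
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[256];
    /* Constructed request name with the same shape as the thread's
     * ";reboot" test but harmless: it prints "injected" instead. */
    const char *attack = ";echo injected";
    if (build_vulnerable_command(attack, cmd, sizeof cmd) == 0) {
        printf("vulnerable dispatcher runs: system(\"%s\")\n", cmd);
        system(cmd);   /* the shell ignores the bad path and runs echo */
    }
    printf("hardened dispatcher: %s\n",
           run_cgi_safely(attack) == -1 ? "rejected the request" : "ran it");
    return 0;
}
```

Running it prints an error for `/www/cgi-bin/` followed by `injected` from the vulnerable path, and `rejected the request` from the hardened one. The allowlist, not a blocklist of `;`, `|` and backticks, is the point: anything the shell could interpret is simply not a legal script name, and `execv` removes the shell from the path entirely.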
 
Thanks for the heads-up. Wonder if this affects other third-party firmware like Tomato or OpenWRT?

Edit: Tomato doesn't seem to suffer from this exploit :)
 
sticky and rename thread, "DD-WRT -- Gaping Security Chasm"

Seriously, this is sad.
 
Quote:
sticky and rename thread, "DD-WRT -- Gaping Security Chasm"

Seriously, this is sad.

This only affects people who have gone out of their way to enable remote administration, and it requires people to access a website with the exploit. It's not like the default config is wide open and the worm spreads itself.
Posted via [H] Mobile Device
 
Quote:
This only affects people who have gone out of their way to enable remote administration, and it requires people to access a website with the exploit. It's not like the default config is wide open and the worm spreads itself.
Posted via [H] Mobile Device

This.
 
Quote:
This only affects people who have gone out of their way to enable remote administration, and it requires people to access a website with the exploit. It's not like the default config is wide open and the worm spreads itself.
Posted via [H] Mobile Device

RTFA. There is also a trivial hack to bypass that limitation:

But that limitation could be easily overridden by a Cross-Site Request Forgery (CSRF) where a malicious website could inject the exploit from inside the browser.

If a hacker can do one, they will have no problem doing the other. That is why this is a critical flaw.
 
Quote:
RTFA. There is also a trivial hack to bypass that limitation:

If a hacker can do one, they will have no problem doing the other. That is why this is a critical flaw.

Then the hacker needs to get you to go to a page they set up, which basically means you need to be retarded and click random shady links, and be running DD-WRT. And then, as a worst-case scenario, they gain some access to a router which is very likely packed with nothing useful that a hacker would care about 99.999% of the time.

When something has a security hole it does not mean the sky is falling. Common Linux packages get security updates on a regular basis for a wide variety of exploits, Windows gets security updates for exploits regularly as well, and now all iPhones have a security flaw that Apple will get around to fixing when they get bored counting money. Just because an exploit exists does not mean there is a warehouse full of hackers ready to go after it. DD-WRT has had a swift and informative response to this and should be applauded.
Posted via [H] Mobile Device
 
;reboot

That wasn't very hard. Are you saying this is a shady link?
 