Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: DD-WRT Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DD-WRT Vulnerability

Paul wrote in to let us know about a new vulnerability in DD-WRT that was being reported in the Register at

DD-WRT runs on routers by Linksys, D-Link Buffalo, ASUS and well as other routers.  The complete list can be found at

This vulnerability will allow an attacker to run programs with root priviledges on a vulnerable router.

More information can be found on the DD-WRT Forum at

Christopher Carboni - Handler On Duty


140 Posts
Jul 22nd 2009
The following note is on the website:

Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.

Links to updated software/firmware:

5 Posts
It looks as though my router has been comprimised, and they disabled the Administration page by deleting files. My Management.asp is now ust some rudimentary data with no ability to save any changes (not that you'd know what they were.

I guess I'll be spending my evening upgrading!

7 Posts

Sign Up for Free or Log In to start participating in the conversation!