Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: DD-WRT Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DD-WRT Vulnerability

Paul wrote in to let us know about a new vulnerability in DD-WRT that was being reported in the Register at http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/.

DD-WRT runs on routers by Linksys, D-Link Buffalo, ASUS and well as other routers.  The complete list can be found at http://www.dd-wrt.com/wiki/index.php/Supported_Devices

This vulnerability will allow an attacker to run programs with root priviledges on a vulnerable router.

More information can be found on the DD-WRT Forum at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173&postdays=0&postorder=asc&start=0

Christopher Carboni - Handler On Duty

Chris

140 Posts
The following note is on the www.dd-wrt.com website:

Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.

Links to updated software/firmware:

http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Feko%2FBrainSlayer-V24-preSP2%2F07-21-09-r12533/
Bill

5 Posts
It looks as though my router has been comprimised, and they disabled the Administration page by deleting files. My Management.asp is now ust some rudimentary data with no ability to save any changes (not that you'd know what they were.

I guess I'll be spending my evening upgrading!
Keith

7 Posts

Sign Up for Free or Log In to start participating in the conversation!