Gaping Hole in DD-WRT: Router Software with Back Door

Jul 24, 2009

Version 24(SP1) of the free router software DD-WRT leaves a door wide open because of a vulnerability in its HTTP daemon.

The problem is that the httpd process in the DD-WRT router software doesn't sufficiently test user input and is therefore vulnerable to cross-site request forgery (CSRF) attacks.

Taking over an affected system requires only a crafted link, created from a shell, that brings the user to a posting that does the damage, without even needing an authenticated session. SecurityFocus still lists the serious bug as unresolved. The DD-WRT forum, meanwhile, points to bug fixes for the large number of router models affected.
