Gaping Hole in DD-WRT: Router Software with Back Door

Jul 24, 2009

Version 24 (SP1) of the free router software DD-WRT leaves a door wide open because of a vulnerability in its HTTP daemon.

The problem is that the DD-WRT httpd process does not sufficiently validate user input and is therefore vulnerable to cross-site request forgery (CSRF) attacks.

Taking over a system requires only a crafted link, created in a shell, that brings the user to a posting that does the damage, without even needing an authenticated session. SecurityFocus still lists the serious bug as unresolved. Meanwhile, the DD-WRT forum points to bug fixes for the large number of affected router models.
