Critical Flaw Discovered In DD-WRT
MagicM writes "A critical flaw has been discovered in DD-WRT, a Linux-based alternative open source firmware for WLAN routers such as the fan-favorite Linksys WRT54GL. The flaw can give an attacker instant root access to the router merely by embedding an image with a specially crafted URL in a Web page (CSRF attack)." The linked page notes that a fix is being rolled out (build 12533) and gives firewall rules to thwart the attack if the fix is not available yet for a particular device.
Because attackers will certainly have difficulty cracking your crappy WEP key in 5 minutes or less, or guessing that your username and password are "linksys"/"admin".
And it's only if you have web management enabled? Who does that anyways? "Yeah I like to change my wifi password from work sometimes, or maybe forward some ports without having to log into my home machine"
Ze Atomic Device! It iz Ztolen!