Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Flaw Discovered In DD-WRT

Posted by kdawson on Friday July 24, 2009 @01:58AM from the my-router-my-self dept.

MagicM writes "A critical flaw has been discovered in DD-WRT, a Linux based alternative open source firmware for WLAN routers such as the fan-favorite Linksys WRT54GL. The flaw can give an attacker instant root access to the router merely by embedding an image with a specially crafted URL in a Web page (CSRF attack)." The linked page notes that a fix is being rolled out (build 12533) and gives firewall rules to thwart the attack if the fix is not available yet for a particular device.

3 of 225 comments (clear)

Min score:

Reason:

Sort:

Re:Mod Parent Up by Anonymous Coward · 2009-07-24 02:06 · Score: -1, Offtopic

I traded my 360 for a Wii. Why? Because I already have a computer.
Does this affect the non-wireless router? by improfane · 2009-07-24 02:25 · Score: 0, Offtopic

I have the non-wireless version of this router (BEFSR41)
Does anyone know if affects that too?

--
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
Keeping up by dvhirt · 2009-07-24 02:43 · Score: -1, Offtopic

This has been reported since at least 2009-07-20. Common Slashdot, keep up!