Slashdot Mirror


Critical Flaw Discovered In DD-WRT

MagicM writes "A critical flaw has been discovered in DD-WRT, a Linux-based alternative open source firmware for WLAN routers such as the fan-favorite Linksys WRT54GL. The flaw can give an attacker instant root access to the router merely by embedding an image with a specially crafted URL in a Web page (CSRF attack)." The linked page notes that a fix is being rolled out (build 12533) and gives firewall rules to thwart the attack if the fix is not yet available for a particular device.

6 of 225 comments

  1. fago82 by Anonymous Coward · · Score: -1, Troll
  2. Linksys suck by FudRucker · · Score: -1, Troll

    Especially since Cisco took over. Before, they were just cheap but usable; now you can't even navigate their crappy, Flash-bloated website. I am going to buy a Netgear router as soon as I get my paycheck today, then post a rant on YouTube about why Linksys sucks too much.

    You hear that, Cisco? Customers that just want the info and support don't want their web browsers bogged down with a bunch of stupid & useless graphics and Flash animations. Fire your webmasters and graphics designers and get a clean yet simple website that is easy to navigate without Flash.

    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:Linksys suck by FudRucker · · Score: -1, Troll

      Well, let's see: I never updated the firmware on a Linksys WRT54G version 8.2, so I go to the Cisco/Linksys website to check on a firmware update since the topic of this vulnerability comes up, and I find the website's pages to select the router version won't load (v.8.2). Since I cannot even see if I need a firmware update, I consider that router no longer safe to use. Is it vulnerable? Is it even still supported? Maybe it is time to switch router brands to another company that has a website where I can at least check to see if there is a firmware update.

      --
      Politics is Treachery, Religion is Brainwashing
    2. Re:Linksys suck by FudRucker · · Score: 0, Troll

      Does not matter what firmware brand or version is on it. If I fucking cannot check for an update then I assume it is old & obsolete and should be tossed into the trash. Or should I be happy just running a mystery box router, not knowing if it needs updating or replacing or not?

      --
      Politics is Treachery, Religion is Brainwashing
  3. Old news by Anonymous Coward · · Score: -1, Troll

    This was just posted now? LOL

  4. Re:This is a common stack in wifi APs by Anonymous Coward · · Score: -1, Troll

    So, you want the DD-WRT people to email you when a bug is discovered? Cisco would not email you either. Neither does Microsoft, Adobe or... ANYONE.

    When you install software it is caveat emptor, don't expect personal notifications from any software company about updates or critical flaws. "Trolling forums" is exactly how to find out about these issues before you get hacked, as is the case with ALL software.

    Unless you are the one guy that gets a personal call from Bill Gates every day with all the bugs discovered in their software. In that case I'd offer my most sincere apology.