Slashdot Mirror


Critical Flaw Discovered In DD-WRT

MagicM writes "A critical flaw has been discovered in DD-WRT, a Linux based alternative open source firmware for WLAN routers such as the fan-favorite Linksys WRT54GL. The flaw can give an attacker instant root access to the router merely by embedding an image with a specially crafted URL in a Web page (CSRF attack)." The linked page notes that a fix is being rolled out (build 12533) and gives firewall rules to thwart the attack if the fix is not available yet for a particular device.

9 of 225 comments

  1. Re:This is a common stack in wifi APs by qoncept · Score: 5, Insightful

    What are you talking about?

    1. If people not only updated the firmware on their router, but had to do hacks to get it on there, don't you think they're probably at least a tad more likely to keep the firmware up to date than Joe Blammo with the factory firmware installed?

    2. Do you think DD-WRT was really all that much more susceptible to having a flaw than, say, something from Cisco? Or, by the same thought process, do you think open source Linux is inherently more vulnerable than Windows?

    3. Homogeny? Huh?! Do you mean the homogeny that's defined as "a significant portion of huge nerds (though certainly not even close to a majority) uses this software"? How many routers are being used in homes and small businesses around the world? You think enough of them are running DD-WRT to call it a homogeny? Name a router that you think has more instances of DD-WRT installed than the factory firmware.

    Software bugs happen. You don't need to get all philosophical about it. And besides, this is no more dangerous than the much larger number of people probably still using the default password on their router, and probably only slightly more dangerous than the huge number of people who don't have any kind of security. Relax.

    --
    Whale
  2. Re:Standard Practices by gamefreak1450 · Score: 5, Informative

    Basically, I would NEVER allow remote web management of a device if it's on the internet.

    Good idea, but this is a critical exploit because hackers can make an img tag load the malformed URL. If they can trick you into viewing that image, then your router will be compromised from your computer on the network. Disabling the external management will prevent internet users from compromising your router, but it is still vulnerable to local threats, as executed through the CSRF method.

  3. DD-WRT !GPL Compliant (or open source) by Anonymous Coward · Score: 5, Informative

    DD-WRT just isn't compliant with the GPL on so many levels. Calling it an "open source" firmware is a lie and a disgrace to the open source community.

    The open source parts are OpenWRT.

    1. Re:DD-WRT !GPL Compliant (or open source) by Anonymous Coward · Score: 5, Informative

      DD-WRT is Harmful to open source

  4. Re:This is a common stack in wifi APs by Anonymous Coward · Score: 5, Informative

    3. Homogeny? Huh?! Do you mean the homogeny that's defined as "a significant portion of huge nerds (though certainly not even close to a majority) uses this software"? How many routers are being used in homes and small businesses around the world? You think enough of them are running DD-WRT to call it a homogeny? Name a router that you think has more instances of DD-WRT installed than the factory firmware.

    WRT54GL

    http://www.linksysbycisco.com/US/en/products/WRT54GL

  5. Please look at this picture ... by janwedekind · Score: 5, Interesting

    ... to add a firewall-rule fixing this issue.

  6. Re:This is a common stack in wifi APs by HockeyPuck · Score: 5, Interesting

    1. If people not only updated the firmware on their router, but had to do hacks to get it on there, don't you think they're probably at least a tad more likely to keep the firmware up to date than Joe Blammo with the factory firmware installed?

    You're assuming that all these people that installed dd-wrt on their router installed it on their own routers only. Not their parents', friends', etc., and forgot about it.

    Do most open source projects have a mailing list in which ONLY important notifications like this go out? In comparison, two years ago I bought a coffee pot from Amazon, and the manufacturer issued a recall for the pot itself. Amazon notified me via email that there was a recall for the pot and provided instructions on how to get a new replacement glass pot. Trolling forums or slashdot isn't exactly my idea of customer service.

    If I had bought a Cisco/linksys router and there was a similar problem would I have been notified after registering the product?

  7. Re:This is a common stack in wifi APs by narfspoon · Score: 5, Insightful

    [Citation Needed]

    If you read the comments on NewEgg.com for that router model, not everyone mentions DD-WRT. Some use other 3rd party firmwares like Tomato or Open-WRT or custom builds. And believe it or not, some even write a positive review for the default factory firmware. The nice thing about that model ("L" version) is the extra memory headroom. Earlier models were stripped and crippled to run a really crappy default firmware from Linksys. BitTorrent crashes these small memory models often.

    http://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions

  8. How did this happen? by MobyDisk · Score: 5, Interesting

    The bug resides in DD-WRT's hyper text transfer protocol daemon, which runs as root.

    Whhaaat??? And the command looks like:

    http://routerIP/cgi-bin/;command_to_execute

    Whhaaat???

    This is a bug even Adobe would be ashamed to admit. An http server, running as root, accepts arbitrary commands, without authentication, embedded in a URL? That's not a bug, that's... that's a design flaw... no... that's... unbelievable!

    Is there a legitimate reason that the http daemon runs as root? (It is for embedded devices...) Or that commands are accepted over HTTP GET like that?
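Two comments above describe what a defender can actually look for: gamefreak1450 points out that the request arrives as a cross-site image load from the victim's own browser, and MobyDisk quotes the request shape, `http://routerIP/cgi-bin/;command_to_execute`. The following is an added example, not code from the thread or from DD-WRT, that scans web-server access log lines for both indicators. The log format, the management address `192.168.1.1` and the sample lines are all constructed for the example; the only page-derived detail is the `/cgi-bin/;` prefix.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines (not captured from a real device) in a simplified
# combined-log layout: client, request line, status, Referer.
SAMPLE_LOG = """\
192.168.1.23 "GET /index.asp HTTP/1.1" 200 "http://192.168.1.1/"
192.168.1.23 "GET /cgi-bin/;command_to_execute HTTP/1.1" 200 "http://example.invalid/page.html"
192.168.1.23 "GET /cgi-bin/%3Bcommand_to_execute HTTP/1.1" 200 "-"
192.168.1.23 "GET /apply.cgi HTTP/1.1" 200 "http://example.invalid/page.html"
192.168.1.23 "GET /Management.asp HTTP/1.1" 200 "http://192.168.1.1/Management.asp"
"""

LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')

# Assumption: the router's own management address; requests whose Referer is on
# this host came from the admin UI itself rather than from a third-party page.
ROUTER_ORIGINS = {"192.168.1.1"}


def is_injection_path(path):
    """True if the path carries the '/cgi-bin/;' shape quoted in the thread.

    Percent-decoding once makes '%3B' count the same as a literal ';'.
    """
    return "/cgi-bin/;" in unquote(path)


def is_cross_site(referer):
    """True if the Referer names a host other than the router's management address.

    An empty or '-' Referer is treated as unknown, not as cross-site, because
    many clients simply omit the header.
    """
    if referer in ("", "-"):
        return False
    host = urlsplit(referer).hostname
    return host is not None and host not in ROUTER_ORIGINS


def classify_line(line):
    """Parse one log line and return a dict with the findings, or None if unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, method, target, status, referer = m.groups()
    # urlsplit keeps ';' inside .path, so the suspicious prefix survives parsing.
    path = urlsplit(target).path
    findings = []
    if is_injection_path(path):
        findings.append("command-injection-pattern")
    # A CGI endpoint reached from a page on another origin is the CSRF shape
    # the thread describes (an <img> load carrying the crafted URL).
    if is_cross_site(referer) and (path.endswith(".cgi") or path.startswith("/cgi-bin/")):
        findings.append("cross-site-request-to-cgi")
    return {"client": client, "path": path, "referer": referer, "findings": findings}


def scan(log_text):
    """Return only the parsed lines that carry at least one finding."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = classify_line(line)
        if parsed and parsed["findings"]:
            results.append(parsed)
    return results


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["client"], hit["path"], ", ".join(hit["findings"]))
```

The Referer check is only a weak indicator: it catches the image-tag case the thread describes, but a browser that omits the header produces no signal, so the `/cgi-bin/;` path check is the finding to alert on, and the cross-site flag mainly helps explain how a request from an internal client reached the router's CGI without anyone touching the admin UI.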