A critical flaw has just been disclosed:
http://www.dd-wrt.com/dd-wrtv3/community...com-report.html
From the announcement:
Quote:
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.
http://www.dd-wrt.com/dd-wrtv3/community...com-report.html
From the announcement:
Quote:
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.