For those using DD-WRT on their routers...

Joined
May 31, 2006
Messages
3,763
Location
Windsor, Ontario, Canada
A critical flaw has just been disclosed: http://www.dd-wrt.com/dd-wrtv3/community...com-report.html From the announcement:
 Quote:
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.
 
Joined
Aug 5, 2002
Messages
18,812
Location
Silicon Valley
I thought this web GUI management exploit was there for a few months already, but the new announcement was about the "fix" they finally put in place. web GUI management is disabled by default until you enable it manually.
 
Top