For those using DD-WRT on their routers...

Status
Not open for further replies.
Joined
May 31, 2006
Messages
4,073
Location
Windsor, Ontario, Canada
A critical flaw has just been disclosed:

http://www.dd-wrt.com/dd-wrtv3/community...com-report.html

From the announcement:

Quote:
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.
 
I thought this web GUI management exploit was there for a few months already, but the new announcement was about the "fix" they finally put in place.

web GUI management is disabled by default until you enable it manually.
 
Status
Not open for further replies.
Back
Top