IMPORTANT!! Open-source firmware vulnerability exposes wireless routers

#1 (**permalink**) 07-23-2009, 12:12 PM

Open-source firmware vulnerability exposes wireless routers
http://www.theregister.co.uk/2009/07...t_router_vuln/

List of devices with problem.
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

#2 (**permalink**) 07-24-2009, 12:41 PM

Froggie the Gremlin wrote:

> List of devices with problem.

Er not quite. That's a list of devices that could have the problem, if
somebody has installed the third party DD-WRT firmware onto it. Not the same
thing, really.

> http://www.dd-wrt.com/wiki/index.php/Supported_Devices

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
12:40:20 up 79 days, 1:08, 2 users, load average: 0.57, 0.22, 0.12
A few flakes working together can unleash an avalanche of destruction

#3 (**permalink**) 07-24-2009, 10:26 PM

In message <1442535.EqChMirdbg@ale.cx> alexd <troffasky@hotmail.com> was
claimed to have wrote:

>Froggie the Gremlin wrote:
>
>> List of devices with problem.
>
>Er not quite. That's a list of devices that could have the problem, if
>somebody has installed the third party DD-WRT firmware onto it. Not the same
>thing, really.

It's also interesting that few of the sites that discuss the exploit
mention that it only works if the attacker can guess the router's IP.

While there may be defaults that a decent percentage of users use,
DD-WRT firmware tends to be installed by more technical users, and few
of the techies that I know use 192.168.(0|1|100).1, using an even
moderately unique subnet will largely neuter the primary attack vectors.