Gaping Hole in DD-WRT: Router Software with Back Door
Jul 24, 2009
The free router software DD-WRT opens in its version 24(SP1) a huge door due to a vulnerability in its HTTP daemon server.
The problem with the DD-WRT router software is the httpd process doesn't sufficiently test user input and, therefore, is vulnerable to cross-site request forgery (CSRF) attacks.
Takeover of the systems requires only a shell-created crafted link that brings the user to a posting that does the damage without even needing an authenticated session. SecurityFocus has the serious bug still listed as unresolved. The DD-WRT forum meanwhile points to bug fixes for the large number of router models affected.