DD-WRT httpd vulnerability - and what you can do
As reported at www.miw0rm.com there is a vulnerability in the http-server for the DD-WRT management GUI that can be used for execution of an exploit to gain control over the router.
DD-WRT states:
Note: The exploit can only be used directly from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management. But that limitation could be easily overridden by a Cross-Site Request Forgery (CSFR) where a malicious website could inject the exploit from inside the browser.
We are working with DD-WRT to update the Sputnik-powered DD-WRT firmware on our web site. In the meantime, you can lock down your Sputnik-powered routers by issuing the following four commands using the Execute Command function in SputnikNet:
- insmod ipt_webstr
- ln -s /dev/null /tmp/exec.tmp
- iptables -D INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset
- iptables -I INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset
If you want to be sure the settings took effect, you can then send the "Firewall List - No Lookup" command (iptables -L -n).
You should see, in the Input Chain, the last iptables policy, as follows:
Please watch this space for updates on Sputnik-powered DD-WRT firmware.
Comments [0]