For all of my readers who are DD-WRT users you may want to stop using v24 SP1, SANS Internet Storm Center (ISC) has a brief post about a DD-WRT vulnerability that will allow an attacker to run programs with root privileges on a vulnerable router. In other words, this is a really bad vulnerability. Root privileges in Linux is the equivalent to admin privileges in Windows. With root access, a hacker could do anything with your router. Since your router controls what you do on the Internet, that could be really, really bad. The SANS post has a link to the dd-wrt forum which provides additional details regarding the problem as well as some options on how to mitigate it and/or patch the DD-WRT firmware. I highly recommend checking it out right now. Now that I’ve stressed it enough, here’s the link to the SANS ISC page: http://isc.sans.org/diary.html?storyid=6853&rss.
Subscribe