For all of my readers who are DD-WRT users you may want to stop using v24 SP1, SANS Internet Storm Center (ISC) has a brief post about a DD-WRT vulnerability that will allow an attacker to run programs with root privileges on a vulnerable router. In other words, this is a really bad vulnerability. Root privileges in Linux is the equivalent to admin privileges in Windows. With root access, a hacker could do anything with your router. Since your router controls what you do on the Internet, that could be really, really bad. The SANS post has a link to the dd-wrt forum which provides additional details regarding the problem as well as some options on how to mitigate it and/or patch the DD-WRT firmware. I highly recommend checking it out right now. Now that I’ve stressed it enough, here’s the link to the SANS ISC page: http://isc.sans.org/diary.html?storyid=6853&rss.
Category archives: DD-WRT
How to Flash Your WRT54GL Firmware from DD-WRT to Tomato
03Dec08**DISCLAIMER**The following instructions are provided without warranty of any kind. Flashing firmware does not come without risk. I will not be held responsible for any resulting equipment failure or otherwise undesirable results. Proceed at your own risk.
This tutorial explains how I successfully re-flashed my Linksys WRT54GL version 1.1 to use the Tomato 1.22 firmware rather than DD-WRT version 23 SP2 VPN firmware (generic) I have been using for the past couple of years. I decided to write this tutorial because lots of sites have instructions on flashing from the default Linksys firmware to Tomato but far fewer sites offer lots of detail on how to flash from other firmware such as DD-WRT.
I have provided directions with enough detail for the non-technical user to feel comfortable with the procedure. To make things faster for the technical users, I have highlighted the major steps. At the bottom of the post, I’ve included links to related articles I’ve published if you’d like to learn more. Continue reading
