Category archives: DD-WRT

DD-WRT v24 Released

24May08

On May 18, 2008 the DD-WRT website announced the final release of DD-WRT v24 to the public. I haven’t had a chance to install the update or to even research all of the new features but based on the popularity of my How to Flash the WRT54GL with DD-WRT Firmware post I felt obligate to write a quick post informing everyone of this new update. You can read more about the new release at the DD-WRT website. [via Lifehacker].

Filed under DD-WRT, WRT54GL| | 4 Comments

Linksys WRT54GL Cross Site Request Forgery (CSRF) Vulnerability

26Jan08

The quite common Linksys WRT54GL v4.x has a serious vulnerability that can be exploited by hackers remotely (i.e., from across the Internet). The vulnerability is Cross Site Request Forgery (CSRF). This is possibly the second most common web vulnerability (second only to Cross Site Scripting aka XSS). Despite its prevalence, CSRF is not well known or understood by many people. I thought about writing a short explanation of CSRF but I don’t have my head around it well enough to feel comfortable explaining it to you. So, I’ve done the next best thing–I’ve located an excellent article by CSO magazine titled “Threat Watch: Cross Site Request Forgery (CSRF) Why a little-known web application vulnerability could cause big problems.”

As far as I know, this vulnerability is unpatched by Linksys which means there is update to fix this problem if you want to keep running the standard Linksys firmware. However, you can fix this vulnerability and gain additional features by upgrading to an open source firmware such as DD-WRT or Tomato. I happen to own a Linksys WRT54GL version 1.1 and have flashed it with the DD-WRT firmware. Because flashing a router’s firmware is not for the faint of heart, I have composed very detailed how-to instructions for those who are interested.

Another mitigation method I almost forgot to mention is to actually quite simple. Do not visit other websites while logged in to administer the Linksys WRT54GL. [via Secunia]

Filed under DD-WRT, Tech Advice, WRT54GL| | 3 Comments

Tomato Firmware Option for WRT54GL

19Jan08

Lifehacker has an interesting post on the Tomato custom router firmware. When a friend emailed me about the Lifehacker post, I first dismissed the article because when I was deciding on which firmware to flash my Linksys WRT54GL with, I looked at Tomato but didn’t think it was as powerful as DD-WRT or OpenWRT. However, when I read Lifehacker’s post my interest was re-sparked in Tomato. The author did admit that dd-wrt had a more robust feature set and polished admin interface. However, he also indicated that Tomato had a better layout, better Quality of Service (QOS) support, and prettier graphical charts than dd-wrt. Also, the average user probably wouldn’t use the more powerful dd-wrt features anyway.

I wish I had the time/patience to re-flash my Linksys WRT54GL with Tomato just to try it out. Its very unlikely that I will because I don’t want to risk bricking my perfectly functioning dd-wrt enabled router. I also really like dd-wrt. Too bad flashing a router is a lot more complex than just installing software.

Also, the Lifehacker article doesn’t mention OpenWRT (a couple of commenters do) but OpenWRT seems to be the hard-core geek’s choice. I’ve thought about making the switch to it but it is probably more complex than I want to deal with. I really considered OpenWRT over DD-WRT but DD-WRT’s site looked better maintained and easier to read. Plus, until recently all OpenWRT management seemed like it when through a Linux shell (i.e., command line). Now though x-wrt seems to address what some would call a short coming of OpenWRT.

If anyone wants to send me a Linksys WRT54GL so I can experiment with it and write more tutorials on firmware flashing, let me know and I can add it to my Amazon Wish List so you can send it to me easily. Also, don’t forget to check out my ever-popular “How to Flash the WRT54GL with DD-WRT Firmware” tutorial.

Filed under DD-WRT, WRT54GL| | 13 Comments