Category archives: WRT54GL

Linksys WRT54GL Cross Site Request Forgery (CSRF) Vulnerability

The quite common Linksys WRT54GL v4.x has a serious vulnerability that can be exploited by hackers remotely (i.e., from across the Internet). The vulnerability is Cross Site Request Forgery (CSRF). This is possibly the second most common web vulnerability (second only to Cross Site Scripting aka XSS). Despite its prevalence, CSRF is not well known or understood by many people. I thought about writing a short explanation of CSRF but I don’t have my head around it well enough to feel comfortable explaining it to you. So, I’ve done the next best thing–I’ve located an excellent article by CSO magazine titled “Threat Watch: Cross Site Request Forgery (CSRF) Why a little-known web application vulnerability could cause big problems.”

As far as I know, this vulnerability is unpatched by Linksys, which means there is no update to fix this problem if you want to keep running the standard Linksys firmware. However, you can fix this vulnerability and gain additional features by upgrading to an open source firmware such as DD-WRT or Tomato. I happen to own a Linksys WRT54GL version 1.1 and have flashed it with the DD-WRT firmware. Because flashing a router’s firmware is not for the faint of heart, I have composed very detailed how-to instructions for those who are interested.

Another mitigation method I almost forgot to mention is actually quite simple. Do not visit other websites while logged in to administer the Linksys WRT54GL. [via Secunia]

Tomato Firmware Option for WRT54GL

Lifehacker has an interesting post on the Tomato custom router firmware. When a friend emailed me about the Lifehacker post, I first dismissed the article because when I was deciding on which firmware to flash my Linksys WRT54GL with, I looked at Tomato but didn’t think it was as powerful as DD-WRT or OpenWRT. However, when I read Lifehacker’s post my interest was re-sparked in Tomato. The author did admit that dd-wrt had a more robust feature set and polished admin interface. However, he also indicated that Tomato had a better layout, better Quality of Service (QOS) support, and prettier graphical charts than dd-wrt. Also, the average user probably wouldn’t use the more powerful dd-wrt features anyway.

I wish I had the time/patience to re-flash my Linksys WRT54GL with Tomato just to try it out. It’s very unlikely that I will because I don’t want to risk bricking my perfectly functioning dd-wrt enabled router. I also really like dd-wrt. Too bad flashing a router is a lot more complex than just installing software.

Also, the Lifehacker article doesn’t mention OpenWRT (a couple of commenters do) but OpenWRT seems to be the hard-core geek’s choice. I’ve thought about making the switch to it but it is probably more complex than I want to deal with. I really considered OpenWRT over DD-WRT but DD-WRT’s site looked better maintained and easier to read. Plus, until recently all OpenWRT management seemed like it went through a Linux shell (i.e., command line). Now though x-wrt seems to address what some would call a shortcoming of OpenWRT.

If anyone wants to send me a Linksys WRT54GL so I can experiment with it and write more tutorials on firmware flashing, let me know and I can add it to my Amazon Wish List so you can send it to me easily. Also, don’t forget to check out my ever-popular “How to Flash the WRT54GL with DD-WRT Firmware” tutorial.

How to Flash the WRT54GL with DD-WRT Firmware

**DISCLAIMER** The following instructions are provided without warranty of any kind. Flashing firmware does not come without risk. I will not be held responsible for any resulting equipment failure or otherwise undesirable results. Proceed at your own risk.

This tutorial explains how I successfully flashed my Linksys WRT54GL version 1.1 with the open source dd-wrt version 23 SP2 VPN firmware (generic). If you happen to have Linksys WRT54GL version 1 rather than 1.1 (you can tell by the serial number prefix of CL7A for version 1.0 and CL7B for version 1.1 per the Wikipedia entry and dd-wrt Wiki), you may have to follow slightly different instructions. The main difference is that you will need to flash to a smaller version of the dd-wrt firmware (the mini version) first due to a flash file size limit on the version 1.0 WRT54GL firmware before flashing to the standard, VOIP, or VPN versions.

As a bit of background information, I used a fully patched (as of April 6, 2007) Windows XP Pro with Service Pack 2 (SP2) and Internet Explorer 6 during the firmware upgrade process. The OS and web browser shouldn’t matter that much, but I have heard reports of Firefox causing some problems with the flash for some people in the past, though others have claimed to use Firefox without any problems–just a word of caution.

Before you begin, download the package and version of the dd-wrt firmware best suited to your needs, though this tutorial walks through flashing to the open source dd-wrt version 23 SP2 VPN firmware. Once you’ve downloaded the file, go ahead and unzip the files. The zip package contains several files; you will only need the “dd-wrt.v23_vpn_generic” file. We’re going to be using the generic file rather than the wrt54g file because we’re going to be using the web GUI to upload the file.