For what it’s worth, I scanned my DD-wrt (build 20548) from WAN and LAN with the instructions given in the article and it returned no vulnerabilities/CVEs.
For what it’s worth, I scanned my DD-wrt (build 20548) from WAN and LAN with the instructions given in the article and it returned no vulnerabilities/CVEs.
Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.
It's amazing that people freak out about the littlest things.. or that "Homeland inSecurity" uses this as a scare tactic.
Truthfully, why would you have a UPnP service on the WAN port in any scenario? This is just asking for trouble. There is no issue whatsoever if it's running on the LAN port(s). *sigh*
I wouldn't be surprised if HS got chewed out by the IT community for using this BS tactic.. because we all know that HS is looking out for us. [/sarcasm]
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Wed Jan 30, 2013 19:23 Post subject:
blisk wrote:
Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.
I do not think that it has ever been a problem in DD-WRT, that is unless iptables is configured incorrectly. You have to remember that DD-WRT is based on Linux. Except for misconfigurations, Linux is a very secure OS. _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
They would have you install Java on your computer to scan for vulnerabilities. Ironic, isn't it?
This vulnerability is not present in current DD-WRT builds, I have tested it against my builds and my new one I am about to release and both come back clean.
Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.
Just flash those older builds that you are worried about, test for the vulnerability and report back here. _________________ Kernel panic: Aiee, killing interrupt handler!
They would have you install Java on your computer to scan for vulnerabilities. Ironic, isn't it?
This vulnerability is not present in current DD-WRT builds, I have tested it against my builds and my new one I am about to release and both come back clean.
-Fractal
AFAIK, only older versions of miniupnpd are affected. DD-WRT is usually doing an excellent job at keeping up with newer versions of the services it uses. Tomato's version 1.6 is also fine. I haven't tested mine yet, but I intend to upgrade to miniupnpd 1.6 anyway, just to be on the safe side.
I have build 14929 std-nokaid installed on my WRT160N v1, with basically the default configuration (all I did was change the SSID, set wireless security to WPA2+AES, and set a passphrase). I ran the Rapid7 UPnP Check and it is not vulnerable.
I have build 14929 std-nokaid installed on my WRT160N v1, with basically the default configuration (all I did was change the SSID, set wireless security to WPA2+AES, and set a passphrase). I ran the Rapid7 UPnP Check and it is not vulnerable.
Is UPnP enabled? I can't remember if it is enabled by default. _________________ Linksys WRT600N v1.1 - DD-WRT v24-sp2 (04/30/09) mega - build 12031M NEWD Eko
Linksys WRT54GS v2 - DD-WRT v24-sp2 (11/19/08) mega - build 10949M NEWD Eko
Linksys WRT54G v2 - DD-WRT v24-sp2 (11/19/08) std - build 10949M NEWD Eko