It's good to know this is known and taken care of already. Who knows how long some the manufacturers would have taken to address and fix this. Long live Linux, DD-WRT, and OSS. _________________
ASUS AC3200
Linksys WRT32X
Linksys WRT3200 ACM
Joined: 26 Jan 2008 Posts: 13049 Location: Behind The Reset Button
Posted: Tue Jul 21, 2009 13:38 Post subject:
I watched the u-tube video and read the linked articles in the post.
Is your router still vulnerable from the wan side if you do not have any remote access enabled? Doesn't look like it but I'm not sure. _________________ [Moderator Deleted]
Imho, opening httpd on the WAN interface is a lame mistake considering that SSH is available.
I am more worried about getting hacked from inside my trusted office network.
Agreed. I have never used httpd remotely anyway always sshd. Not to say that ssh couldn't be exploited at some point too. I rarely need to administer remotely as a rule. _________________
ASUS AC3200
Linksys WRT32X
Linksys WRT3200 ACM
That's exactly what I meant. You shouldn't have to dig for them. Personally, I'd patch the v24 SP1 source code, recompile and issue SP1a or something. Not everybody's going to trust a prerelease version.
That's exactly what I meant. You shouldn't have to dig for them. Personally, I'd patch the v24 SP1 source code, recompile and issue SP1a or something. Not everybody's going to trust a prerelease version.
Reading over this thread, I agree.
The latest advertised downloads need to be updated or patched.
As I type there are probably hundreds of people downloading v24sp1 having no idea of this vulnerability.