Is dd-wrt susceptible to the Misfortune Cookie vulnerability

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
a1smith
DD-WRT Novice


Joined: 20 Mar 2011
Posts: 17

PostPosted: Fri Dec 19, 2014 4:29    Post subject: Is dd-wrt susceptible to the Misfortune Cookie vulnerability Reply with quote
From http://mis.fortunecook.ie/

Quote:
Researchers from Check Point’s Malware and Vulnerability Research Group recently uncovered this critical vulnerability present on millions of residential gateway (SOHO router) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over the device with administrative privileges.


Quote:
The affected software is the embedded web server RomPager from AllegroSoft. Internet-wide scans suggest RomPager is likely the most popular web server software in the world with respect to number of available endpoints. RomPager is typically embedded in the firmware released with the device.


I'm wondering if dd-wrt has this vulnerability. Does it use any code from RomPager SDK for web server?
Sponsor
Newbrain
DD-WRT User


Joined: 28 Dec 2013
Posts: 53

PostPosted: Fri Dec 19, 2014 16:07    Post subject: Reply with quote
No, DD-WRT use lighttpd. Anyways, don't enable any webserver/services on the WAN side Smile

Edited to add that the WebIF actually runs under Milkfish

/Newbrain

_________________
Linksys WRT320N --> E2000 K3X Build 23919 Mega
ASUS RT-N66U K3X Build 23919 Big
ASUS RT-AC68U K3X Build r25648
a1smith
DD-WRT Novice


Joined: 20 Mar 2011
Posts: 17

PostPosted: Fri Dec 19, 2014 21:16    Post subject: Reply with quote
I agree; I have all remote access disabled.

Good to know dd-wrt is not using RomPager; not enough info about how corrupt cookies cause issue and if disabling remote access would be enough. So, if not there at all, we should be fine.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum