DD-WRT httpd vulnerability (milw0rm.com report)
As reported at www.milw0rm.com, there is a vulnerability in the HTTP server for the DD-WRT management GUI that can be exploited to gain control over the router.
We have fixed the issue and generated new builds of the latest DD-WRT version. You can temporarily download these files from here until we have updated the router database.
[UPDATE] We have integrated most of the fixed build files into the router database. You can check there whether files for build 12533 are available for your router. If not (yet), please check the location mentioned above to obtain the files.
Important Note: This only works for non-HTTPS requests. If you have HTTPS Management turned on under Administration > Management > Remote Access, then turn it off. If you don't want to turn it off, you can only do an update.
Latest DD-WRT Releases
Latest stable release v24 SP1 (Build 10020)
Latest development release v24 preSP2 (Build 21061)
To obtain the matching version for your router, please use the Router Database.