site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Open-source firmware flaw exposes wireless routers - DD-WRT

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

reply to jdong

Re: Open-source firmware flaw exposes wireless routers - DD-WRT

Even though it affects DD-WRT, this exploit is not applicable to Tomato. Just in case anyone was wondering as I did.
to forum · permalink · 2009-07-22 00:51:27 ·

Fickey
Terrorists target your resolve

join:2004-05-31
1 edit

said by KodiacZiller:

Even though it affects DD-WRT, this exploit is not applicable to Tomato. Just in case anyone was wondering as I did.
Can you substantiate/elaborate on Tomato's immunity to this exploit? Is it just that HyperWRT isn't vulnerable?
--
Nationalized healthcare? Name one government entity that isn't rife with bureaucratic waste & inefficiency!
to forum · permalink · 2009-07-22 13:47:45 ·


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
2 edits

said by Fickey:

said by KodiacZiller:

Even though it affects DD-WRT, this exploit is not applicable to Tomato. Just in case anyone was wondering as I did.
Can you substantiate/elaborate on Tomato's immunity to this exploit? Is it just that HyperWRT isn't vulnerable?
The Tomato forums has a thread about this, and both responses said Tomato is not affected. Apparently there were xss protections implemented in Tomato 1.14.

»www.linksysinfo.org/forums/showt···st349423

Polarcloud appears to have pulled Tomato, so I'm not confident that Tomato isn't also effected. Anyone heard any response from them
What do you mean they "pulled it?" I am on the page right now and I see both v 1.24 and 1.25 for download.

EDIT: Hmm, it seems you're right. I went to the source forge page to update my old v1.23 and it seems I am getting an error when attempting to download v1.25. However, this doesn't mean it has been "pulled." Could be a server error or what not.
to forum · permalink · 2009-07-22 14:55:42 ·

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR

When you go to dl a firmware file it will not work. That's why he said it might have been pulled as a safe guard until more information was known.

to forum · permalink · 2009-07-22 15:01:15 ·


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

According to the DD-WRT website:

quote:
Note: The exploit can only be used from outside your network over the internet if you have enabled remote Web GUI management in the Administration tab. As immediate action please disable the remote Web GUI management.
From this one can surmise that if you do not use remote web GUI management on Tomato, then Tomato would also be "immune."
to forum · permalink · 2009-07-22 15:22:17 ·

Ravenheart

join:2006-02-10
Berkeley, CA

Does this statement from DD-WRT jive with what we know?

to forum · permalink · 2009-07-22 15:27:43 ·
Forums > Broadband Tech > Security > Security

Saturday, 02-Jun 19:16:44 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics