The management interface of the current stable version of DD-WRT, the free router firmware, suffers a vulnerability that lets attackers run programs with root rights on the router. The vulnerability, described at milw0rm and in the DD-WRT forum, is caused by inadequate handling of meta-characters in the query string in DD-WRT's httpd web server. The server will then run programs even when no session is running.

Full story »
zarkovic's picture
Created by zarkovic 8 years 25 weeks ago
Category: High End   Tags: