
Linksys E-series Unauthenticated Remote Code Execution Exploit - aburan28
http://www.exploit-db.com/exploits/31683/
======
breakall
Is DD-WRT really a secure alternative to stock firmware at this point? It
seems as though development has stalled out on it.

For example, I have a Linksys E2000. The "recommended" build on the DD-WRT
wiki page is 14929, which is from approximately August 2010. The most recent
compatible build I can find is 18946, which is dated 4/7/2012.

Running firmware that is 2 - 4 years old just seems very unsafe.

------
JoshGlazebrook
Am I correct in assuming this only affects the stock firmware and not say
dd-wrt which I have installed on my e3200?

Which by the way is a pretty solid router so far. Aside from dd-wrt not
supporting its 5ghz radio. I tried a Tomato build for it that supports 5ghz,
but for some reason my router would just lock up every other day with that
firmware no matter how it was installed.

~~~
blueskin_
Yes.

I have one of those with DD-WRT as well. A vuln in a router will only affect
DD-WRT as well if it's a hardware vuln that allows (for example)
corrupting/modifying memory, which would also make the attack need to be
highly targeted, or a critical 0day in the Linux kernel/dropbear, etc.

------
arca_vorago
Between this and the backdoor thing a few months ago, I don't know why anyone
would still be running Linksys if they can help it, especially since Cisco
bought them out (I started as a Cisco guy, now hate them). I prefer OpenWrt
for cheap stuff, but pfSense and m0n0wall pretty much take the cake to me. I
have been testing them but haven't moved any into home "production".

------
ck2
Bunch of WRTs on there.

I hope my good old WRT54G with Tomato firmware is still safe after all these
years.

------
thejosh
Currently only works over LAN, how long until remote?

You could then tie it into something like Shodan...

~~~
sounds
Exploit is an HTTP request, so an attacker could send the request from
JavaScript: any website could attack your router.

~~~
deanclatworthy
Surely this only affects routers whose control panel is running on an open
port 80 and also remote access is enabled? Or is the point of this exploit
that by _default_ the router has port 80 open and remote login enabled?

~~~
gibybo
It wouldn't be remote login, it would be local login from the network, which
routers tend to have enabled by default (how else would you manage them?).

