[PLUG] SOHO router
Russell Senior
russell at personaltelco.net
Wed Mar 7 18:43:22 UTC 2012
>>>>> "Denis" == Denis Heidtmann <denis.heidtmann at gmail.com> writes:
Denis> [...] I stumbled on
Denis> http://www.defcon.org/images/defcon-18/dc-18-presentations/Heffner/DEFCON-18-Heffner-Routers-WP.pdf.
Denis> I see that open WRT is listed as vulnerable. Is this of
Denis> concern to anybody?
The presentation is from 2010. I would expect that the vulnerability,
such as it was, has been mitigated by this point. I know there have
been multiple dnsmasq changes since then, it's quite possible one of
them addressed this.
My skim/reading of the article implies that a remote attacker might be
able to get access to an otherwise LAN-only-enabled admin interface.
However, without the password, even that shouldn't help. Set a
password. ;-) Also, it seemed to require older browsers to exploit.
My admin interface is ssh ;-).
The AirRouter's stock firmware requires a password for access to the
admin interface, and if you set your own password it won't be easily
guessable you should be fine.
--
Russell Senior, President
russell at personaltelco.net
More information about the PLUG
mailing list