Critical Flaw Discovered In DD-WRT

MagicM writes "A critical flaw has been discovered in DD-WRT, a Linux based alternative open source firmware for WLAN routers such as the fan-favorite Linksys WRT54GL. The flaw can give an attacker instant root access to the router merely by embedding an image with a specially crafted URL in a Web page (CSRF attack)." The linked page notes that a fix is being rolled out (build 12533) and gives firewall rules to thwart the attack if the fix is not available yet for a particular device.

I'd download the patch but...

[Anonymous Coward]

my router keeps redirecting me to porn sites and scrolling "pWnD by c0d3k177y" in HTML marquee tags at the top of my browser.

Re:Standard Practices

[Anonymous Coward]

Good idea, but this is a critical exploit because hackers can make an img tag load the malformed URL.

What about dentists? Can dentists make an img tag to load the malformed URL too, or just hackers?

Sorry to see you go

[Anonymous Coward]

Greetings, I am a Linksys customers service representative. While I'm sorry to hear that you'll be leaving us, I'd like to remind you that if you have to wait for your paycheck in order to purchase a piece of home networking equipment, perhaps navigating flash based websites is the least of your worries. Have you considered going back to school?

Re:It's "homogeneity"

[BadAnalogyGuy]

langs morf. get use 2 it.

Re:This is a common stack in wifi APs

[troll8901]

The router appears to glow in the picture.

Does that mean the router has biochemical reactions involving free radicals as well?

Someone call Greenpeace! There's a lack of environmental progress from router makers!

Re:This is a common stack in wifi APs

[DavoMan]

Zomg they have discovered a vulnerability in EARTH! My infastructure runs on earth! Oh noes!! F1 key! F1!!!

Re:Mod Parent Up

[Starayo]

I traded my gamecube for a wii and bought a 360, and hooked them both up to my computer! :D