【漏洞】DD-WRT v24 SP1 httpd vulnerability (milw0rm.com report) 2009-07-22

[FYI]

milw0rm 網站於2009-07-22 公佈了一個DD-WRT v24 SP1 的 "remote Web GUI management" 漏洞, 可以讓駭客輕易取得DD-WRT 控制權, 如果您已經啟用Web GUI 遠端登入的話, 暫時解決辦法就是關閉Web GUI 遠端登入並更新韌體, 或設定防火牆條例, 詳情請看DD-WRT 首頁, DD-WRT v23 似乎未受影響, 但就算有也不令人意外

測試方法:

語法:

http://192.168.1.1/cgi-bin/;reboot

DD-WRT (httpd service) Remote Command Execution Vulnerability

[FYI]

如果在Administration -> Remote Access 強制啟用Use HTTPS, Web GUI Port 443, 似乎也可以暫時避開此漏洞

[FYI]

由於最近有需要更新親戚的Belkin F5D7230-4 v1444, 最後不得已還是選擇有安全性漏洞的DD-WRT v23 SP2 版, 但是手動打上補釘

DD-WRT Forum :: View topic - DD-WRT Root exploit posted today

the exploit also could be stopped, using a firewall rule.

Go to your router, "Administration", "Commands" and enter the follwing text:

insmod ipt_webstr
ln -s /dev/null /tmp/exec.tmp
iptables -D INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset
iptables -I INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset

and press "Save Firewall", then reboot your router.

This rule blocks any try to access sth that has "cgi-bin" in the url.

You can proove, that the rule works by entering: http://192.168.1.1/cgi-bin/;reboot in your browser. That should give a "Connection was reset" (Firefox).

Important Note: this does not work, if https managment is turned on.

You need to turn off https managment. If you don't want to do that, PLEASE UPDATE.