Submission + - Open-source firmware vuln exposes wireless routers
An anonymous reader writes: A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made my Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it.
The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many router users install to give their device capabilities not available by default. The bug allows unauthenticated users to remotely gain root access simply by luring someone on the local network to a malicious website.
"This means someone can even post some crafted [img] link on a forum and a dd-wrt router owner visiting the forum will get owned," a user named "gat3way" wrote in this submission to Milw0rm. "A weird vulnerability you're unlikely to see in 2009 :) Quite embarrassing I would say."
http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/
http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/