Is current DD-WRT vulnerable to this?

nickant
DD-WRT User


Joined: 09 Feb 2016
Posts: 162

Posted: Wed Jan 22, 2020 9:16    Post subject: Is current DD-WRT vulnerable to this?
Today's article in Ars Technica:
https://arstechnica.com/information-technology/2020/01/internet-routers-running-tomato-are-under-attack-by-notorious-crime-gang/
The headline says Tomato, but DD-WRT gets a mention in the second, fifth and last paragraphs.
Can someone please confirm if this is something to be concerned with, and from what build onwards is safe?

_________________
------------------------------------
Linksys EA8500 DD-WRT r44632 (Gateway)
Linksys WRT1900ACv1 DD-WRT r44628 (AP)
Netgear/Telstra V7610 (spare AP)
Billion BiPAC 7800NXL (spare AP)
Netgear WNDR3700v4 DD-WRT r44538 (spare Gateway + OpenVPN Client)
Photos: https://www.flickr.com/photos/nickant44/albums
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3885
Location: UK, London, just across the river..

Posted: Wed Jan 22, 2020 9:24
nope, unless you are not an idiot to compromise your own router....
telnet/ssh are not available on reset, the default telnet is activated once user set pass, on default there is no WAN details and so on...and so on..

bruteforce is limited to certain success, so far I haven't seen hacked DD-WRT unit..with automated bruteforce...if you are so paranoiac disconnect the unit prior to update...and never use WAN GUI access unless is not secured with private encrypted-pass protected key only...

but I've seen Netgear, TP-Link, D-Link on stock firmware to do a lot of shit...

more on the subject https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322859

_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 44538 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 44627 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 44538 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 44538 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 44538 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Wed Jan 22, 2020 9:31; edited 1 time in total
nickant
DD-WRT User


Joined: 09 Feb 2016
Posts: 162

Posted: Wed Jan 22, 2020 9:31
Following one of the links from the article leads to this:
muhstik: We first disclose this botnet last month (report-2018-04). In the latest update, Muhstik added exploits for the three vulnerabilities: GPON (cve-2018-10561, cve-2018-10562), JBOSS (cve-2007-1036) and DD-WRT (Web Authentication Bruteforcing).

Not sure if it's an issue or not, just asking.
And no, I don't do remote management and all passwords used are diceware generated with entropy over 100...

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3885
Location: UK, London, just across the river..

Posted: Thu Jan 23, 2020 8:17
in general everyone can create an automated script to attack certain vulnerabilities....here and there..

so far, WAN remote access is not present on default, as well as telnet and SSH, and I don't know how many ppl are using it with default password or something like...

basically this article has not much idea in it, other than someone wants to attract attention and address very rare occasions related to a deliberate router misconfiguration....

blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 1619

Posted: Thu Jan 23, 2020 9:32
The article is FUD clickbait.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3885
Location: UK, London, just across the river..

Posted: Thu Jan 23, 2020 13:46
blkt wrote:
The article is FUD clickbait.


FUD = Fear Uncertainty and Doubt

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7270
Location: Texas, USA

Posted: Thu Jan 23, 2020 17:38
Alozaros wrote:
blkt wrote:
The article is FUD clickbait.


FUD = Fear Uncertainty and Doubt


I'm sure you've both GDB'd and vulnerability tested the code and firmware images. /couldn'tresist

_________________
Official Forum Rules, Guidelines, and Helpful Information • Firmware FAQ • Installation Wiki • Where Do I Download Firmware?
DON'T use Chromium-based browsers • RTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3885
Location: UK, London, just across the river..

Posted: Thu Jan 23, 2020 18:12
kernel-panic69 wrote:
Alozaros wrote:
blkt wrote:
The article is FUD clickbait.


FUD = Fear Uncertainty and Doubt


I'm sure you've both GDB'd and vulnerability tested the code and firmware images. /couldn'tresist


Yes... I do, I really do ...
I'm sure you wouldn't tell us, if you find something on your own...

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 7270
Location: Texas, USA

Posted: Thu Jan 23, 2020 21:15
Gee, I don't know how to answer that...