Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Wed Jan 22, 2020 9:24 Post subject:
nope, unless you are not an idiot to compromise your own router....
telnet/ssh are not available on reset, the default telnet is activated once the user sets a pass, on default there are no WAN details and so on...and so on..
bruteforce is limited to certain success so far I haven't seen a hacked DDWRT unit..with automated bruteforce...if you are so paranoiac disconnect the unit prior to update...and never use WAN GUI access unless it is not secured with private encrypted-pass protected key only...
but I've seen Netgear, TP-Link, D-Link on stock firmware to do a lot of shit...
more on the subject https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322859
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Wed Jan 22, 2020 9:31; edited 1 time in total
Following one of the links from the article leads to this:
muhstik: We first disclose this botnet last month (report-2018-04). In the latest update, Muhstik added exploits for the three vulnerabilities: GPON (cve-2018-10561, cve-2018-10562), JBOSS (cve-2007-1036) and DD-WRT (Web Authentication Bruteforcing).
Not sure if it's an issue or not, just asking.
And no, I don't do remote management and all passwords used are diceware generated with entropy over 100...
_________________
------------------------------------
Netgear XR500 OpenWrt-23.05.3 (Gateway)
Linksys EA8500 OpenWrt-23.05.3 (Wired AP)
Linksys WRT3200ACM DD-WRT r55819 (spare Wired AP)
Netgear WNDR3700v4 DD-WRT r55779 (spare Gateway)
Photos: https://www.flickr.com/photos/nickant44/albums
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Thu Jan 23, 2020 8:17 Post subject:
in general everyone can create an automated script to attack certain vulnerabilities....here and there..
so far, WAN remote access is not present on default, as well as telnet and SSH, and I don't know how many people are using it with default password or something like...
basically this article has not much idea in it, other than someone wanting to attract attention and address very rare occasions related to a deliberate router misconfiguration....