Researchers from Check Point’s Malware and Vulnerability Research Group recently uncovered this critical vulnerability present on millions of residential gateway (SOHO router) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over the device with administrative privileges.
Quote:
The affected software is the embedded web server RomPager from AllegroSoft. Internet-wide scans suggest RomPager is likely the most popular web server software in the world with respect to number of available endpoints. RomPager is typically embedded in the firmware released with the device.
I'm wondering if dd-wrt has this vulnerability. Does it use any code from RomPager SDK for web server?
Good to know dd-wrt is not using RomPager; not enough info about how corrupt cookies cause issue and if disabling remote access would be enough. So, if not there at all, we should be fine.