Is dd-wrt susceptible to the Misfortune Cookie vulnerability

a1smith
DD-WRT Novice


Joined: 20 Mar 2011
Posts: 30

Posted: Fri Dec 19, 2014 4:29    Post subject: Is dd-wrt susceptible to the Misfortune Cookie vulnerability
From http://mis.fortunecook.ie/

Quote:
Researchers from Check Point’s Malware and Vulnerability Research Group recently uncovered this critical vulnerability present on millions of residential gateway (SOHO router) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over the device with administrative privileges.


Quote:
The affected software is the embedded web server RomPager from AllegroSoft. Internet-wide scans suggest RomPager is likely the most popular web server software in the world with respect to number of available endpoints. RomPager is typically embedded in the firmware released with the device.


I'm wondering if dd-wrt has this vulnerability. Does it use any code from RomPager SDK for web server?
Newbrain
DD-WRT User


Joined: 28 Dec 2013
Posts: 172

Posted: Fri Dec 19, 2014 16:07
No, DD-WRT uses lighttpd. Anyway, don't enable any webserver/services on the WAN side :)

Edited to add that the WebIF actually runs under Milkfish

/Newbrain
a1smith
DD-WRT Novice


Joined: 20 Mar 2011
Posts: 30

Posted: Fri Dec 19, 2014 21:16
I agree; I have all remote access disabled.

Good to know dd-wrt is not using RomPager; there is not enough info about how corrupt cookies cause the issue and whether disabling remote access would be enough. So, if it's not there at all, we should be fine.