DD-WRT SSID Script Injection Vulnerability
- Published: 28 Jul 2008
DD-WRT SSID Script Injection Vulnerability
Share
Type
- DDWRT - SSID Script Injection Vulnerability
Severity
- High
Affected products
- DDWRT
Date
- 2008-07-28
CVE Reference
- N/A
DD-WRT is a third party developed firmware released under the terms of the GPL for many ieee802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design. As a result of the research conducted to produce the paper Behind Enemy Lines it was discovered that the DD-WRT administrative web interface is vulnerable to a SSID script injection attack. An attack could be crafted that could allow remote attackers to fully compromise the device. To resolve this vulnerability it is recommended that the software be upgraded to the latest available version.