DD-WRT SSID Script Injection Vulnerability

    Type

  • DDWRT - SSID Script Injection Vulnerability

    • Severity

  • High

    • Affected products

  • DDWRT

    • Date

  • 2008-07-28

    • CVE Reference

  • N/A

DD-WRT is a third party developed firmware released under the terms of the GPL for many ieee802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design. As a result of the research conducted to produce the paper Behind Enemy Lines it was discovered that the DD-WRT administrative web interface is vulnerable to a SSID script injection attack. An attack could be crafted that could allow remote attackers to fully compromise the device. To resolve this vulnerability it is recommended that the software be upgraded to the latest available version.