>>>>> "Denis" == Denis Heidtmann <[email protected]> writes:
Denis> [...] I stumbled on Denis> http://www.defcon.org/images/defcon-18/dc-18-presentations/Heffner/DEFCON-18-Heffner-Routers-WP.pdf. Denis> I see that open WRT is listed as vulnerable. Is this of Denis> concern to anybody? The presentation is from 2010. I would expect that the vulnerability, such as it was, has been mitigated by this point. I know there have been multiple dnsmasq changes since then, it's quite possible one of them addressed this. My skim/reading of the article implies that a remote attacker might be able to get access to an otherwise LAN-only-enabled admin interface. However, without the password, even that shouldn't help. Set a password. ;-) Also, it seemed to require older browsers to exploit. My admin interface is ssh ;-). The AirRouter's stock firmware requires a password for access to the admin interface, and if you set your own password it won't be easily guessable you should be fine. -- Russell Senior, President [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
