The Register reports
on a DD-WRT vulnerability that would appear to justify an update.
"The bug resides in DD-WRT's hyper text transfer protocol daemon,
which runs as root. Because the httpd doesn't sanitize user-supplied input,
it's vulnerable to remote command injection. While the httpd doesn't listen
on the outbound interface, attackers can easily access it using CSRF
(cross-site request forgery) techniques."
(Log in to post comments)