Thursday, July 23, 2009

DD-WRT v24 SP1 httpd vulnerability

As reported at www.miw0rm.com, there is a vulnerability in the HTTP server behind the DD-WRT management GUI that can be exploited to gain control over the router.

By default, if you have used our DD-WRT install guide, followed those steps only, and didn't enable the remote web gui management in the router, your router is safe.

BUT if you have enabled the remote web gui management in the Administration tab AND your router is connected directly to the internet (is not behind another router, but is connecting to the ADSL modem directly with an ADSL username or password for example), your router is vulnerable and you should do one of the following to make your router safe:

- You can turn off the remote web gui management under the Administration tab in the router's admin panel if you don't need this function

- You can update your firewall settings through the Administration > Commands tab. Press EDIT in the firewall section and paste these commands into the box:

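# Load the webstr match module (matches strings in HTTP requests)
insmod ipt_webstr
# Point /tmp/exec.tmp at /dev/null
ln -s /dev/null /tmp/exec.tmp
# Remove an earlier copy of the rule, if any, so it is not added twice
iptables -D INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset
# Insert the rule at the top of INPUT: reset requests whose URL contains cgi-bin
iptables -I INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset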

then press "Save Firewall" and reboot your router.

If you do this and have HTTPS Management turned ON under Administration > Management > Remote Access, be sure to turn it off: the webstr rule matches the URL in plain HTTP requests and cannot see inside HTTPS traffic.

- You can replace the DD-WRT firmware with a newer one (the latest is v24 preSP2 build 12533), which you can download from dd-wrt.com using the router search. However, this is a beta firmware, so use it at your own risk. The setup command from the Control Center should work, but be sure to reset the firmware to factory defaults before using the command.

- You can change your firmware to CoovaAP. Only do this if you don't use special functions in DD-WRT like the secondary SSID function.
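
For the firewall option above, this added example (not part of the original post and not DD-WRT code) audits the text of a saved firewall script and applies the post's conditions to report whether the workaround is complete. The function names, return codes, verdict words and SAMPLE_* scripts are constructed for illustration; it checks the script text only, not the live iptables rules.

```shell
#!/bin/sh
# Added example (not from DD-WRT or the original post). Function names,
# return codes and the SAMPLE_* scripts are constructed for illustration.

# Reads a firewall script on stdin. Returns:
#   0  ipt_webstr is loaded before an INPUT rule rejecting --url cgi-bin
#   1  no such REJECT rule is added
#   2  the rule is there, but the webstr module is not loaded before it
check_firewall_script() {
    mod=0 rule=0 early=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*) ;;                                   # comment line
            "insmod ipt_webstr"*) mod=1 ;;
            "iptables -"[IA]" INPUT "*webstr*"--url cgi-bin"*"-j REJECT"*)
                rule=1
                [ "$mod" -eq 1 ] || early=1 ;;
        esac
    done
    [ "$rule" -eq 1 ] || return 1
    [ "$early" -eq 0 ] || return 2
    return 0
}

# Applies the post's conditions. Args (1 = yes, 0 = no):
#   $1 remote web GUI enabled, $2 HTTPS management on, $3 directly on the internet
# Firewall script on stdin. Prints one verdict word.
router_verdict() {
    fw=0
    check_firewall_script || fw=$?
    if [ "$1" -eq 0 ] || [ "$3" -eq 0 ]; then echo not-exposed
    elif [ "$fw" -ne 0 ]; then echo vulnerable
    elif [ "$2" -eq 1 ]; then echo disable-https
    else echo mitigated
    fi
}

# Constructed sample scripts: the post's four commands, the rule without
# the module load, and an unrelated rule only.
SAMPLE_GOOD='insmod ipt_webstr
ln -s /dev/null /tmp/exec.tmp
iptables -D INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset
iptables -I INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset'
SAMPLE_NO_MODULE='iptables -I INPUT -p tcp -m tcp -m webstr --url cgi-bin -j REJECT --reject-with tcp-reset'
SAMPLE_NO_RULE='iptables -I INPUT -p icmp -j DROP'

# Remote GUI on, HTTPS management off, router directly on the internet
printf '%s\n' "$SAMPLE_GOOD" | router_verdict 1 0 1
```

On the router itself, the saved script is assumed to be readable with nvram get rc_firewall and can be piped into check_firewall_script in place of the samples.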

Thursday, July 9, 2009

Featured Client: Beach Road Hotel, Cambodia

From time to time we introduce some of our clients. This month's featured client is Beach Road Hotel in Cambodia, with white sand beaches, beautiful nature and great nightlife. Here are some photos of the location:





They have also printed "Wi-FI Internet Hotspot by HotspotSystem.com" on a large banner:






About the installation:

Buffalo is controlling everything, it's in the office, so cat5 is going to bar/reception area where's small d-link ap and other one goes to big antenna where's big d-link ap and big antenna, we also plan to put couple of ap-s to the back of the hotel area, so everything is filled, because big antenna makes pretty much black hole where it is, but in the mean time it's working well around the hotel, like 500m from hotel is pretty good reception, so all the ap-s have same SSID called BEACH ROAD HOTEL.







And what do they say about our system?

HotSpotSystem Rocks!
We tried different services before, bought also separate pc system for controlling the internet, but nothing really worked better than hotspotsystem, as long as you have internet for sale you're on board...


Thanks Tarmo for the photos, detailed explanation and testimonial.

Would you like to see your location in our blog? Just send your pictures with a short explanation to us!