[kwlug-disc] [kwlug-announce] Meeting Monday: OpenWRT

Paul Gallaway paul at gallaway.ca
Fri Aug 15 21:54:24 EDT 2014


On Thu, Aug 14, 2014 at 2:05 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:
> Those who have that router can test using the proof of concept that is
> detailed here
>
> http://sekurak.pl/tp-link-httptftp-backdoor/

Looking at the link, the exploit is run from:
http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html

I tried testing from the LAN side and the page was not found. Just the
nature of how it is executed tells me that OpenWRT has completely
replaced it.

On Thu, Aug 14, 2014 at 2:45 PM, unsolicited <unsolicited at swiz.ca> wrote:
> "UDPATE: confirmation of the issue (it is WAN exploitable if http admin is
> available from WAN side)"
>
> So don't open up http on the wan in the first place. Which is ill advised,
> regardless.

Agreed. I never would/will open remote/WAN HTTP access no matter what
system I'm using.

On Thu, Aug 14, 2014 at 4:40 PM, William Park <opengeometry at yahoo.ca> wrote:
> I think it's the firmware.  Since it's replaced by DD-WRT/OpenWRT
> firmware, that should solve it.

I can confirm this now as well.

Thanks all.





More information about the kwlug-disc mailing list