<<< Date Index >>>     <<< Thread Index >>>

Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)



this is no security flaw since you must be already logged in within the 
webinterface of dd-wrt. otherwise this here will not work. we already fixed 
this issue in our sourcetree

as additional information. this is no dd-wrt specific issue. all other firmware 
like openwrt etc. would suffer from it too. 

in fact. just a plain POST to a authenticated dd-wrt session. without beeing 
logged in locally it would not have any effect