DD-WRT SSID Script Injection Vulnerability

Product DDWRT
Severity High
CVE Reference N/A
Type DDWRT - SSID Script Injection Vulnerability

DD-WRT is a third party developed firmware released under the terms of the GPL for many ieee802.11a/b/g/h/n wireless routers based on a Broadcom or Atheros chip reference design. As a result of the research conducted to produce the paper Behind Enemy Lines it was discovered that the DD-WRT administrative web interface is vulnerable to a SSID script injection attack. An attack could be crafted that could allow remote attackers to fully compromise the device. To resolve this vulnerability it is recommended that the software be upgraded to the latest available version.