[chopin]

It's not that easy:

There could be a XSS vulnerability in the management interface.

There could be a vulnerability in any component which is internet facing.

The router is handling packets. There might be a vulnerability in that logic allowing for maliciously crafted packets (in the answer of a request).

[BubRoss]

There -could- be a lot of things. Pfsense and ddwrt were some of the very first router software packages to address DNS rebind attacks.

I think saying tomato is more secure and refined than some router that updates itself constantly to secretly bait and switch the user's expectations is an understatement.

[JohnFen]

> There could be a XSS vulnerability in the management interface.

Surely you aren't exposing that interface to the world at large, right?

[basch]

If you click the wrong link while youre on the lan side.

Of all the devices in a house, a router should be the most important to keep up to date.

[BubRoss]

Pfsense and ddwrt were some of the first router software packages to fix DNS rebind attacks if that's what you are talking about.

If it is not, you will have to explain exactly the vulnerability works.

[chopin]

A link can also have an IP address as host. Many routers come with 192.168.1.1 preconfigured. With Javascript enabled you could also probe the network and craft a fitting link.

Preventing DNS rebind attacks closes only one avenue.

[BubRoss]

How would that work exactly and how would it be router insecurity?