Hacker News new | ask | show | jobs
by JohnFen 2418 days ago
> There could be a XSS vulnerability in the management interface.

Surely you aren't exposing that interface to the world at large, right?
1 comments
basch 2418 days ago
If you click the wrong link while youre on the lan side.

Of all the devices in a house, a router should be the most important to keep up to date.

link
BubRoss 2418 days ago
Pfsense and ddwrt were some of the first router software packages to fix DNS rebind attacks if that's what you are talking about.

If it is not, you will have to explain exactly the vulnerability works.

link
chopin 2418 days ago
A link can also have an IP address as host. Many routers come with 192.168.1.1 preconfigured. With Javascript enabled you could also probe the network and craft a fitting link.

Preventing DNS rebind attacks closes only one avenue.

link
BubRoss 2417 days ago
How would that work exactly and how would it be router insecurity?
link