CVE-2021-27137
DD-WRT · DD-WRT
DD-WRT is vulnerable to a stack-based buffer overflow in the UPnP service, which could allow an unauthenticated attacker to achieve remote code execution.
Executive summary
A stack-based buffer overflow in the DD-WRT UPnP service poses a critical risk of remote code execution for affected router installations.
Vulnerability
This vulnerability is a stack-based buffer overflow (CWE-121) located within the SSDP component of the router UPnP service. The attack vector is network-based and does not require authentication or user interaction.
Business impact
Successful exploitation of this flaw allows an attacker to execute arbitrary code on the affected router with elevated privileges. This could lead to a total compromise of network traffic, unauthorized access to internal resources, or the enrollment of the device into a botnet, as evidenced by reports of the c0xmo botnet targeting this specific vulnerability. With a CVSS score of 8.1, the risk of complete system takeover is high.
Remediation
Immediate Action: Update the DD-WRT firmware to version 45724 or later immediately.
Proactive Monitoring: Monitor network traffic for unusual SSDP or UPnP activity and review router system logs for signs of unauthorized configuration changes or process crashes.
Compensating Controls: If an immediate update is not possible, disable the UPnP service on the router and implement strict firewall rules to block inbound traffic to the SSDP/UPnP ports.
Exploitation status
Public Exploit Available: No (no weaponized exploit confirmed).
Analyst recommendation
Given the evidence that this vulnerability is being utilized by botnets to propagate malware, immediate remediation is required. Administrators must verify their current firmware version and apply the update to version 45724 or higher to eliminate the buffer overflow risk.