Interestingly on this vendor list published on cert.org dd-wrt is marked as not affected while openwrt isn't mentioned. Not being mentioned perhaps an official cert request wasn't sent or didn't arrived the right person / wasn't answered?
Perhaps simply it doesn't use one of the affected TCP/IP stacks?
Exactly!
That embedded TCP/IP stacks are built for microcontrollers or embedded processors that mostly can't run Linux due some hardware limitations. Limitations can be RAM, ROM, MMU or even processor power.
But i can't see Linux built-in TCP/IP networking stack on this CERT vulnerability list. Therefore Linux (and probably BSD) isn't affected.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.