Is my router affected by the Heartbleed Bug?

A few days ago, a catastrophic security vulnerability in OpenSSL dubbed the “heartbleed bug” was disclosed by a Google employee. I will not go into the details since this article offers a fantastic explanation, but let’s just say it’s quite a big deal, and a lot of applications are affected.

Most sites have already started applying fixes and notifying their users, but aside from various websites, there are a few other devices that are affected, including routers.

If you are using DD-WRT build versions 19163 to 23882, then you are at risk and should update your router firmware immediately.

OpenWRT users are also affected according to various user reports. As for Tomato users, you are safe as long as you are using an official release, as pointed out by a reader in the comments.

If you have another router model, make sure it’s not using OpenSSL between versions 1.0.1 (excluding 1.0.1g) and 1.0.2. If your firmware uses OpenSSL and was built between 2012 and April 2014, it’s likely to be affected.
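If your router gives you a shell (for example over SSH), the version check above can be scripted. The following is an added example, not part of the original post: the function name `heartbleed_status` and its result labels are made up for illustration, it reads the range as 1.0.1 through 1.0.1f, and it also flags 1.0.2-beta1 and honours the `-DOPENSSL_NO_HEARTBEATS` build flag, both of which come from the OpenSSL advisory rather than from this page.

```shell
#!/bin/sh
# Classify the output of `openssl version -a` (read from stdin) against the
# Heartbleed version range. On the router: openssl version -a | heartbleed_status
# Prints one of: vulnerable-range, heartbeat-disabled, outside-range, unknown.
heartbleed_status() {
    hb_info=$(cat)
    # The first line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    hb_ver=$(printf '%s\n' "$hb_info" | sed -n '1s/^OpenSSL \([^ ]*\).*/\1/p')
    if [ -z "$hb_ver" ]; then
        echo unknown            # not an OpenSSL banner (other library, empty input)
        return
    fi

    case $hb_ver in
        # 1.0.1 through 1.0.1f, including vendor suffixes such as "1.0.1e-fips",
        # plus 1.0.2-beta1 (assumption taken from the OpenSSL advisory).
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1) ;;
        *) echo outside-range; return ;;
    esac

    # `openssl version -a` lists the compiler flags; a build with heartbeats
    # compiled out does not expose the bug even inside the version range.
    case $hb_info in
        *OPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled ;;
        *) echo vulnerable-range ;;
    esac
}

# Constructed sample banners (not captured from real devices).
for hb_sample in 'OpenSSL 1.0.1e 11 Feb 2013' \
                 'OpenSSL 1.0.1g 7 Apr 2014' \
                 'OpenSSL 0.9.8y 5 Feb 2013'; do
    printf '%-30s %s\n' "$hb_sample" \
        "$(printf '%s\n' "$hb_sample" | heartbleed_status)"
done
```

Some vendors backport the fix without changing the version string, so treat `vulnerable-range` as a reason to check the firmware build date or the vendor's advisory rather than as proof.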

Was your router affected by the Heartbleed bug? Report your findings in the comments.

2 comments on “Is my router affected by the Heartbleed Bug?”

  1. Actually, I have a problem with those “user reports” alleging that Tomato is vulnerable as well: the last official release is AFAIK the 1.28 which is both just too old (> 3 years) to contain the bug (as that has been introduced only 2 years ago) and explicitly using a pre-vuln version of OpenSSL (0.9.6d, according to the 1.28 source repo).

    Now, various newer mods and forks may very well be vulnerable indeed, but let’s call them as such then, shall we – I just don’t see how the last official version could possibly be…?
