Does anyone know if Tomato shares any similarity with DD-WRT? Should I assume this wouldn't affect it?

Seems like the attacker would have to know the default IP of your router. I always change mine from the typical defaults.

It's not obvious from the post whether or not this would affect other open source firmware, including Tomato. The others may have their own httpd or even if they share code, may have implemented some URL sanitization.

It also seem to only impact more recent versions of the code, another win for procrastinators or those who read the directions and wonder if it is really all that safe...will it brink this time?
Thanks for the heads up Andy.

I bet most people's routers are somewhere on 192.168.0.x or 192.168.1.x, so you wouldn't need to know the IP as it is easy to just target all 508 IPs in those range.

I suppose you're correct, the attacker could include the IP ranges within a small javascript loop. I was thinking about it from the perspective of having to click on a single compromised link.

But those two ranges would still miss my router. I definitely agree that most people don't change the IP at all, but then again, most people don't run third party firmware either.

A good one to get fixed as soon as possible, but not something to be terribly worried about short or long term. It should be trivial to have any open source project of this type patched quickly. Sanitizing a URL is pretty straight forward.

A cursory test implies that Tomato (at least my installation) is not affected. Authentication seems to always be required and, if authenticated, the cgi-bin URL returns a 404.

Thanks, I have a dozen or so Tomato setups in clients' networks