Official Tomato v1.13.1252 Released

Discussion in 'Tomato Firmware' started by frode3, Dec 5, 2007.

  1. DeCex

    DeCex LI Guru Member

    Why do i get more speed/throughput using Linksys WRT54G v2.2 running Tomato v1.11.7 compare to the new 1.13.1252 firmware version. Should be other way round. Anyone else experience this performance issue.
  2. apelete

    apelete LI Guru Member

  3. Sunspark

    Sunspark LI Guru Member

    Those of you saying you got more speed w/ 1.11 vs 1.13 should show how you are measuring that. With zero info it's the same as saying 1.11 brought you your newspaper.
  4. sunnyoc

    sunnyoc Network Guru Member

    download tomato 1.13


    Where do I download the Tomato latest firmware? It seems I can't access the polarcloud website.

  5. LLigetfa

    LLigetfa LI Guru Member

    Same place.
  6. paped

    paped LI Guru Member

    Stable but had a few DNS/PPPoE issues to start with which now appear to be sorted - keep up the good work..... great firmware!!!!
  7. DeCex

    DeCex LI Guru Member

    Must be a noob thingy, I config it the way i want it, reboot, now works very good for the WRT54G 2.2
  8. sunnyoc

    sunnyoc Network Guru Member

    thanks. but polarcloud website has been down for atleast couple of days. if someone knows anyother place to download or help me in downloading the latest version of tomato firmware, i would appreciate.


  9. tivoboy

    tivoboy LI Guru Member


    With this version, I am seeing a reboot daily, have not been able to keep the router alive for more than 24 hours.

  10. bhlonewolf

    bhlonewolf LI Guru Member

  11. sunnyoc

    sunnyoc Network Guru Member

    Seems like my work place is blocking the website and I asked my wife to try at home and it works. Thanks Guys.....

  12. szfong

    szfong Network Guru Member


    I suspect it's an incompatibility with the wireless card you are using to connect to Tomato. Some wireless clients will cause Tomato to spontaneously reboot. You may consider upgrading your wireless card driver. Or a different firmware which uses slightly newer wl drivers (eg. openwrt/dd-wrt). Best option is just upgrade your wireless card driver or use a different wireless card to connect to your router since Tomato has an excellent balance of features and stability compared to the others. If your using it as a public hotspot with many users, then it's a big problem.

  13. szfong

    szfong Network Guru Member

    Linksys WRT54GL is prone to an authentication-bypass vulnerability.

    I've just received the following security vulnerability notice concerning WRT54GL code. It affects firmware versions 4.30.11 and prior. Does anyone know if Tomato v1.13 IS vulnerable? It includes a sample code of how it can be exploited:



    Team Intell Security Advisory TISA2008-01
    Linksys WRT54 GL - Session riding (CSRF)

    Release date: 07.01.2008
    Severity: High
    Remote-Exploit: yes
    Impact: Session riding
    Status: Official patch not available
    Software: Linksys WRT54 GL
    Tested on: firmware version 4.30.9
    Vendor-Status: informed on 14.08.2007
    Disclosed by: Tomaz Bratusa (Team Intell)[TISA-2008-01]


    The Linksys Wireless-G Broadband Router is really three devices in one box. First, there's the Wireless Access Point, which lets you connect both screaming fast Wireless-G (802.11g at 54Mbps) and Wireless-B (802.11b at 11Mbps) devices to the network. There's also a built-in 4-port full-duplex 10/100 Switch to connect your wired-Ethernet devices together. Connect four PCs directly, or attach more hubs and switches to create as big a network as you need. Finally, the Router function ties it all together and lets your whole network share a high-speed cable or DSL Internet connection.

    Security Risk
    Linksys WRT54GL is prone to an authentication-bypass vulnerability. Reportedly, the device permits changes in its configuration settings without requring authentication (CSRF).

    Technical Description
    Linksys WRT54GL is prone to an authentication-bypass vulnerability. The problem presents itself when a victim user visits a specially crafted web page on an attacker-controlled site. An attacker can exploit this vulnerability to bypass authentication and modify the configuration settings of the device.

    If the administrator of Linksys WRT54GL is logged into the device and opens a malicious website or email with the same browser, he is subject to attacks.
    Imagine the worst case, where the administrator is constantly logged into his firewall appliance because he needs to configure changes throughout
    the day. A malicious link executing unnoticed by the administrator may open the firewall.

    This issue is reported to affect firmware version 4.30.9; other firmware versions may also be affected.


    Folowing the previous link will disable the firewall on on your LAN.

    1.No official patch yet.

    2.Do not surf the web when you are configuring your router.


    14.08.2007 discovery of the vulnerability
    14.08.2007 contacted the vendor
    14.08.2008 Response from Cisco - They are working on it
    22.10.2007 Request for status
    30.10.2007 Response from Cisco - They will include the patch in the next firmware upgrade
    07.01.2008 advisory is written
    07.01.2008 Vulnerability is made public


    Maldin d.o.o.
    Trzaska cesta 2
    1000 Ljubljana - SI

    tel: +386 (0)590 70 170
    fax: +386 (0)590 70 177
    gsm: +386 (0)31 816 400
    e-mail: info(at)


    The content of this report is purely informational and meant for educational purposes only. Maldin d.o.o. shall in no event be liable for any damage whatsoever, direct or implied, arising from use or spread of this information. Any use of information in this advisory is entirely at user's own risk.

    A separate advisory indicates:

    Secunia Advisory: SA28364
    Release Date: 2008-01-09
    Last Update: 2008-01-10

    Less critical
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Unpatched

    OS: Linksys WRT54GL 4.x

    This advisory is currently marked as unpatched!
    - Companies can be alerted when a patch is released!

    Tomaz Bratusa has reported a vulnerability in Linksys WRT54GL, which can be exploited by malicious people to conduct cross-site request forgery attacks.

    The vulnerability is caused due to the device allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. disable the firewall by enticing a logged-in administrator to visit a malicious site.

    The vulnerability affects firmware versions 4.30.11 and prior.

    The vendor is currently working on a fix.

    Do not browse untrusted websites or follow untrusted links while logged on to the application.

    Provided and/or discovered by:
    Tomaz Bratusa, Team Intell

    2008-01-10: Updated "Description" section to include additional information on versions affected based on additional information from the vendor.

    Original Advisory:
    TISA-2008-01 (via Bugtraq):

    Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

    Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  14. szfong

    szfong Network Guru Member

    Linksys WRT54GL is prone to an authentication-bypass vulnerability.

    You may ignore my previous post concerning this. This vulnerability has just been fixed in newest Tomato v1.14. That was QUICK! ;-)

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice