Reset DD-WRT http password using SSH
So the other day I was making my usual password changing rounds on my accounts and devices. One of the things that I do change regularly is my password for DD-WRT. Somehow I changed it and could no longer access the device.
Alas, I did have SSH enabled and it let me log in using the original password that I had setup. I searched all over the place for documentation on doing this, and found nothing but people asking how to reset the actual router due to a lost password, and I wasn’t in the mood to rebuild my config. So here is the steps that I took.
1. Login to the router via ssh.
2. Type in nvram set http_passwd=
3. Then type in nvram commit
Finally, open your web browser and connect to your router. Change your password on the administration page and you are good to go.
–Himuraken
Thanks this worked great for me using telnet.
I was locked out of the admin and I knew I had the right pasword.
Thank you so much.
Mishle
Can you explain step by step or not?
I’m cannot cofig. of Wap54g and show password incorrect.
Thank you
Sak, I am not sure that I understand your comment/question. Let me know what your are running into.
–Himuraken
Thanks it worked for me as well on a wap54 g
I enabled JFFS and was unable to login using HTTP. However telnet and ssh still worked. The above workaround enabled me to get HTTP access working again. Many thanks!
Hrm, that sequence not only didn’t fix it for me, it’s locked me out via ssh too.
@K
Hey, there is a critical bug in the actual version of DD-WRT.
You can just enter
http://192.168.1.1/;nvram set http_passwd=
and
http://192.168.1.1/;nvram commit
look at
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173&postdays=0&postorder=asc&start=0
You should update to preV24 as fast as possible…
best regards,
phonox
Sorry K,
i tried that out for you, it didn’t work.
but there is a way,
http://192.168.1.1/;reboot
works
OK,
I tried out some more, but didn’t succeed.
it was http://192.168.1.1/cgi-bin/;reboot anyways.
it prooves that you have root access.
Instead of reboot you can type any shell command, but obviously no whitespaces or scripts
Is there anyone who figured this out?
This works on Telnet too! THANKS MAN!!
Thanks man, you rock!
the exploit has been fixed a long time ago. your version is out of date.
beside this. isnt it easier to use the command
“setuserpasswd” instead of modifying the nvram.
the command does allow resetting of the username and password to a new one
Thanks a million, rebooted router and kept asking for password! this tip worked.
Worked for me too in Telnet. Thanks a lot, Himuraken!
Awesome tip, this got me out of a pickle. Much obliged!
Thanks – helped me just now. Previously I would reset my router and lose all settings that I had to redo.
i don’t understand any of the terms. how does this SSH work? is there a website needed for this or a software? thank you
Thanks, still works great on v24 – sp2
I haven’t read all the comments yet, but one thing that should be mentioned is that the password is encrypted. So if you type nvram set http_passwd=Password123 … this will not work. I haven’t tried yet, but I imagine that you need to type http_passwd=MD5(“Password123″) or something like this. *I’m actually not sure what the encryption is.
if you type nvram show | grep http_passwd you will see that it’s encrypted.
if you have to reset everything to default type erase nvram && reboot
@K
most likely because the password has to be encrypted and you just typed a regular string value.
Great tip! Couldn’t get back into the router until now.
can you help me how to set password on my router(cd-r king WRT-688)
the 192.168.1.1 dd-wrt set-up being prompted when i tried to set-up it requires a username and password are being requested by http://192.168.1.1. The site says: “DD-WRT”