Home > Hardware, Linux > Reset DD-WRT http password using SSH

Reset DD-WRT http password using SSH

May 19th, 2009 Leave a comment Go to comments

So the other day I was making my usual password changing rounds on my accounts and devices. One of the things that I do change regularly is my password for DD-WRT. Somehow I changed it and could no longer access the device.

Alas, I did have SSH enabled and it let me log in using the original password that I had setup. I searched all over the place for documentation on doing this, and found nothing but people asking how to reset the actual router due to a lost password, and I wasn’t in the mood to rebuild my config. So here is the steps that I took.

1. Login to the router via ssh.
2. Type in nvram set http_passwd=
3. Then type in nvram commit

Finally, open your web browser and connect to your router. Change your password on the administration page and you are good to go.

–Himuraken

Categories: Hardware, Linux Tags: , ,
  1. mishle
    June 3rd, 2009 at 12:33 | #1
    Reply | Quote

    Thanks this worked great for me using telnet.

    I was locked out of the admin and I knew I had the right pasword.

    Thank you so much.

    Mishle

  2. sak
    June 8th, 2009 at 06:08 | #2
    Reply | Quote

    Can you explain step by step or not?
    I’m cannot cofig. of Wap54g and show password incorrect.

    Thank you

  3. himuraken
    June 9th, 2009 at 10:20 | #3
    Reply | Quote

    Sak, I am not sure that I understand your comment/question. Let me know what your are running into.

    –Himuraken

  4. herrfreak
    June 22nd, 2009 at 16:58 | #4
    Reply | Quote

    Thanks it worked for me as well on a wap54 g

  5. Engineer
    July 19th, 2009 at 19:11 | #5
    Reply | Quote

    I enabled JFFS and was unable to login using HTTP. However telnet and ssh still worked. The above workaround enabled me to get HTTP access working again. Many thanks!

  6. K
    July 22nd, 2009 at 06:11 | #6
    Reply | Quote

    Hrm, that sequence not only didn’t fix it for me, it’s locked me out via ssh too.

  7. phonox
    July 23rd, 2009 at 11:37 | #7
    Reply | Quote

    @K

    Hey, there is a critical bug in the actual version of DD-WRT.

    You can just enter

    http://192.168.1.1/;nvram set http_passwd=
    and
    http://192.168.1.1/;nvram commit

    look at
    http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173&postdays=0&postorder=asc&start=0

    You should update to preV24 as fast as possible…

    best regards,

    phonox

  8. phonox
    July 23rd, 2009 at 11:43 | #8
    Reply | Quote

    Sorry K,

    i tried that out for you, it didn’t work.

    but there is a way,

    http://192.168.1.1/;reboot

    works ;)

  9. phonox
    July 23rd, 2009 at 11:51 | #9
    Reply | Quote

    OK,

    I tried out some more, but didn’t succeed.

    it was http://192.168.1.1/cgi-bin/;reboot anyways.

    it prooves that you have root access.
    Instead of reboot you can type any shell command, but obviously no whitespaces or scripts :(

    Is there anyone who figured this out?

  10. Rob
    September 18th, 2009 at 18:58 | #10
    Reply | Quote

    This works on Telnet too! THANKS MAN!!

  11. ThatGuy
    November 1st, 2009 at 11:26 | #11
    Reply | Quote

    Thanks man, you rock!

  12. BrainSlayer
    January 1st, 2010 at 08:38 | #12
    Reply | Quote

    the exploit has been fixed a long time ago. your version is out of date.
    beside this. isnt it easier to use the command
    “setuserpasswd” instead of modifying the nvram.
    the command does allow resetting of the username and password to a new one

  13. Joe Cleveland
    March 9th, 2010 at 00:42 | #13
    Reply | Quote

    Thanks a million, rebooted router and kept asking for password! this tip worked.

  14. Pipoca
    May 22nd, 2010 at 20:47 | #14
    Reply | Quote

    Worked for me too in Telnet. Thanks a lot, Himuraken!

  1. June 13th, 2009 at 23:40 | #1
    My site.
  2. August 6th, 2009 at 21:16 | #2
    Gember Design » DD-WRT Password Reset