|
Linksys Routers Administrative Web Interface Access Security Issue
|
|
|
|
|
Secunia Advisory:
|
SA11754
|
|
|
Release Date:
|
2004-06-02
|
|
Last Update:
|
2004-06-07
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linksys BEF series routers
Linksys WRT54G Wireless-G Broadband Router
|
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A security issue has been reported in some Linksys routers, which potentially may grant malicious people administrative access to a vulnerable device.
The problem is that the administrative web interface is accessible on the WAN interface, even though the remote administration functionality has been disabled.
The issue has been reported in the following products:
* Linksys WRT54G (firmware release 2.02.7)
* Linksys BEFSR41 ver.3
Other products and firmware releases may also be affected.
Solution:
The vendor has released a beta fix for the WRT54G product:
ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
Configure a strong password for the administrative web interface.
Restrict access to the administrative web interface (it has been suggested to e.g. use port forwarding to forward inquiries to ports 80 and 443 to a non-existant IP address).
Use another product.
Provided and/or discovered by:
Independently discovered by:
* Alan W. Rateliff
* Matthew Gillespie
Changelog:
2004-06-07: Updated "Solution" section with information about beta fix.
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
11 Related Secunia Security Advisories, displaying 10
|
|
|
1. Linksys WRT54G Security Bypass Vulnerability
|
|
2. Linksys WRT54G Configuration Manipulation and Request Forgery
|
|
3. Linksys WRT54G UPnP Port Mapping Vulnerability
|
|
4. Linksys BEFVP41 IP Option Length Denial of Service
|
|
5. Linksys WRT54G Multiple Vulnerabilities
|
|
6. Linksys WRT54G Router Common SSL Private Key Disclosure
|
|
7. Linksys BEFSR41 Connection Handling Denial of Service
|
|
8. Linksys BEF Series Routers Denial of Service Vulnerabilities
|
|
9. Linksys BEF Series Routers DHCP Vulnerability
|
|
10. Linksys routers Denial of Service
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
