Security Bug in Linksys Wireless-G Router
June 02, 2004
The flaw carries a 'moderately critical' rating and could give malicious hackers administrative access to vulnerable devices.
A security bypass flaw in a popular wireless broadband router shipped by
Linksys unit could give malicious hackers
administrative access to vulnerable devices, researchers warned on
Independent technology consultant Alan W. Rateliff discovered the flaw during a client installation of a Linksys WRT54G Wireless-G Broadband Router. After reporting the vulnerability to Linksys, Rateliff posted a warning on a public mailing list that even if the remote administration function is turned off, the router provides the administration Web page to ports 80 and 443 on the WAN.
"The implications are obvious: out of the box the unit gives full access to its administration from the WAN using the default or, if the user even bothered to change it, an easily guessed password," he said.
As a workaround until a firmware upgrade is issued, Rateliff recommends the use of port forwarding send ports 80 and 443 to non-existent hosts. "Note that forwarding the ports to any hosts -- including listening ones if you are actually running servers -- will override the default behavior," he explained.
The Linksys Wireless-G Broadband Router is marketed as three devices in one box -- a Wireless Access Point, a 4-port 10/100 Switch to connect your wired-Ethernet devices and a router function that lets users network share a high-speed cable or DSL Internet connection, files, and other resources such as printers and hard disk storage space.
The Linksys WRT54G product offers wireless data rates up to 54Mbps -- 5 times as fast as Wireless-B (802.11b), but also interoperable with Wireless-B devices (at 11Mbps).