An independent security researcher has found a vulnerability that affects the Linksys WRT54G 802.11g WiFi router, giving access to the device’s configuration pages through an easily deduced password.
Alan Rateliff, in a posting to the BugTraq mailing list, said that the WRT54G router provides administrative access by default to ports 80 and 443 on the WAN. The user can use the admin pages to configure the device himself. According to reports, the username defaults to “admin”.
“The implications are obvious: out of the box the unit gives full access to its administration from the WAN using the default or, if the user even bothered to change it, an easily guessed password,” Radcliffe wrote.
Radcliffe tested the Linksys firmware version 2.02.7, the latest revision posted on the Linksys firmware page. Radcliffe said he reported the problem to Linksys on April 28, and so far has not received a response from the company.
“On a personal note, there are a number of reasons for which I am thoroughly disappointed with Linksys since the acquisition by Cisco,” Radcliffe added. “For the sake of what was once a rock-solid product and great brand name, I hope things change soon.”
News source: ExtremeTech