Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Flaw Found In Linksys Wireless Router

The popular Linksys WRT54G wireless router has a security flaw that enables unauthorized remote access to its administrative functions, an expert claims.

Independent consultant Alan W. Rateliff II said in a posted warning that the router will display its administrative Web over the Internet page via ports 80 and 443 -- even if the user turns off the remote administration function.

After intruders access the administrative log-on screen, they can then get into the management functions because the default user name and passwords are obvious. Most such devices use, by default, obvious user names and passwords like "admin."

"The implications are obvious: Out of the box the unit gives full access to its administration from the WAN using the default or, if the user even bothered to change it, an easily guessed password."

Rateliff said he reported the problem to Linksys, which is a division of Cisco, in April but did not receive a response. Nor has the company updated the firmware for the router to fix the problem, he noted. The
most recent firmware for the router, as posted on the Linksys Web site, is dated March 17, 2004.

  • 1