search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Linksys WRT54G routers do not properly validate user credentials

Vulnerability Note VU#930364

Original Release Date: 2006-10-05 | Last Revised: 2006-11-21


Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes.


The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a web interface that uses either HTTP or HTTPS. Before viewing configuration files, an administrator needs to supply valid credentials.

The administrator's credentials are only used for viewing the device's configuration; the WRT54G does not require any credentials when making changes to configuration files. An attacker may be able to create a specially crafted web page that makes changes to the router's configuration when opened by anyone connected to the wireless or LAN ports of the router.

The remote access feature on Linksys routers allows administration of the router from the WAN port. If remote administration is enabled on an affected device, an attacker on the Internet may be able to exploit this vulnerability by sending malformed commands to the web interface.


A remote, unauthenticated attacker could change the configuration of an affected router.


There is currently no practical solution available to this problem.

Disable remote access
Disabling remote access may help mitigate this vulnerability.

Do not open untrusted links
An attacker may be able to create a specially crafted URL or HTML page that exploits this vulnerability. Do not open or follow untrusted hyperlinks sent through email or instant messages.

Secure your wireless network
Restricting access to your wireless network may also mitigate this vulnerability. US-CERT Cyber Security Tip ST05-003 has instructions on how to secure your wireless network.

Vendor Information


Linksys (A division of Cisco Systems) Affected

Updated:  November 21, 2006



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


There is a report that firmware revision 1.00.10 fixes this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was publicly reported by Ginsu Rabbit.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 1.98
Date Public: 2006-08-07
Date First Published: 2006-10-05
Date Last Updated: 2006-11-21 21:46 UTC
Document Revision: 52

Sponsored by CISA.