search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Linksys WRT54G routers do not properly validate user credentials

Vulnerability Note VU#930364

Original Release Date: 2006-10-05 | Last Revised: 2006-11-21

Overview

Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes.

Description

The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a web interface that uses either HTTP or HTTPS. Before viewing configuration files, an administrator needs to supply valid credentials.

The administrator's credentials are only used for viewing the device's configuration; the WRT54G does not require any credentials when making changes to configuration files. An attacker may be able to create a specially crafted web page that makes changes to the router's configuration when opened by anyone connected to the wireless or LAN ports of the router.

The remote access feature on Linksys routers allows administration of the router from the WAN port. If remote administration is enabled on an affected device, an attacker on the Internet may be able to exploit this vulnerability by sending malformed commands to the web interface.

Impact

A remote, unauthenticated attacker could change the configuration of an affected router.

Solution

There is currently no practical solution available to this problem.

Disable remote access
Disabling remote access may help mitigate this vulnerability.

Do not open untrusted links
An attacker may be able to create a specially crafted URL or HTML page that exploits this vulnerability. Do not open or follow untrusted hyperlinks sent through email or instant messages.

Secure your wireless network
Restricting access to your wireless network may also mitigate this vulnerability. US-CERT Cyber Security Tip ST05-003 has instructions on how to secure your wireless network.

Vendor Information

930364
Expand all

Linksys (A division of Cisco Systems)

Updated:  November 21, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There is a report that firmware revision 1.00.10 fixes this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was publicly reported by Ginsu Rabbit

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 1.98
Date Public: 2006-08-07
Date First Published: 2006-10-05
Date Last Updated: 2006-11-21 21:46 UTC
Document Revision: 51

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.