The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Befsr41_v3 | Linksys | * | * |
| Wrt54g | Linksys | 2.02.7 (including) | 2.02.7 (including) |
References
- ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
- http://secunia.com/advisories/11754
- http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
- http://www.nwfusion.com/news/2004/0607confuse.html
- http://www.osvdb.org/6577
- http://www.securityfocus.com/archive/1/365175
- http://www.securityfocus.com/archive/1/365227/30/0/threaded
- http://www.securityfocus.com/bid/10441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16274
- ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
- http://secunia.com/advisories/11754
- http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
- http://www.nwfusion.com/news/2004/0607confuse.html
- http://www.osvdb.org/6577
- http://www.securityfocus.com/archive/1/365175
- http://www.securityfocus.com/archive/1/365227/30/0/threaded
- http://www.securityfocus.com/bid/10441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16274