CVE-2004-2606 | Vulnerability Database | Aqua Security

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

Affected Software

Name	Vendor	Start Version	End Version
Befsr41_v3	Linksys	*	*
Wrt54g	Linksys	2.02.7 (including)	2.02.7 (including)

References

ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
http://secunia.com/advisories/11754
http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
http://www.nwfusion.com/news/2004/0607confuse.html
http://www.osvdb.org/6577
http://www.securityfocus.com/archive/1/365175
http://www.securityfocus.com/archive/1/365227/30/0/threaded
http://www.securityfocus.com/bid/10441
https://exchange.xforce.ibmcloud.com/vulnerabilities/16274

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2606
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html