Security Bug in Linksys Wireless-G Router (http://www.internetnews.com/infra/article.php/3362321) - InternetNews.com, 06/02/04

A security bypass flaw in a popular wireless broadband router shipped by Cisco's Linksys unit could give malicious hackers administrative access to vulnerable devices, researchers warned on Wednesday.

Independent technology consultant Alan W. Rateliff discovered the flaw during a client installation of a Linksys WRT54G Wireless-G Broadband Router. After reporting the vulnerability to Linksys, Rateliff posted a warning on a public mailing list that even if the remote administration function is turned off, the router provides the administration Web page to ports 80 and 443 on the WAN.

General instructions for working around this serious vulnerability are given in the article. Feel free to post here if you have this router and need assistance.

i have the same unit, and came across that a while back, i did a few work arounds and such, best thing I ever did was upgrade to a different version of the firmware, and since Linksys has made the firmware open source, people are free to code their own firmware's.

More info can be had at www.sveasoft.com in their forums.

I wonder if you can hack ^w modify the code for the older Linksys BEFSR series router/switch/firewall? That way I dont have to throw away my BEFSR8-1.

I might switch over to a DSL provider that would let me host my own pages at home - no big overage charges if you get hammered with traffic (like from slashdot...) or colo fees, just a saturated DSL line and an old P-II in the closet chugging away serving page views...

It would be nifty if it was hard coded into the router that if the machine serving the webpage went down you could hard-code the router to auto-ack respond with a text line like "Oops. www.example.invalid Server broken. Try again later."

--<< Bruce >>--