Bugtraq mailing list archives
Re: The Linksys WRT54G "security problem" doesn't exist
From: <caldcv () students fccj org>
Date: 5 Jun 2004 00:53:26 -0000
In-Reply-To: <OF573D37A2.8E5427F6-ON87256EA9.00668BEB-87256EA9.0066B037 () bio-rad com>
In a recent client installation I discovered that even if the remote administration function is turned off, the WRT54G provides the administration web page to ports 80 and 443 on the WAN.I think the "Independent consultant" quoted in InternetWeek is wrong.
The current "bug" should be as follows: Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) Interesting ports on xxx.adelphia.net (67.23.xxx.xxx): (The 1553 ports scanned but not shown below are in state: closed) Port State Service 443/tcp open https Nmap run completed -- 1 IP address (1 host up) scanned in 40 seconds I logged into it via my web-browser, Opera, which said the router was WRT54G. I went into Admistration -> Remote Configuration. The box for remote configuration was unchecked, however it allowed me to access https over the Internet. Firmware Version: v1.42.2 Current Time: Fri, 11 Jan 2002 10:34:54 MAC Address: 00:0C:41:A9:F8:76 Router Name: WRT54G Thanks, CC.
Current thread:
- The Linksys WRT54G "security problem" doesn't exist David Pipe (Jun 04)
- RE: The Linksys WRT54G "security problem" doesn't exist Alan W. Rateliff, II (Jun 05)
- RE: The Linksys WRT54G "security problem" doesn't exist David Gillett (Jun 07)
- Re: The Linksys WRT54G "security problem" doesn't exist insecure (Jun 05)
- <Possible follow-ups>
- Re: The Linksys WRT54G "security problem" doesn't exist caldcv (Jun 05)
- Re: The Linksys WRT54G "security problem" doesn't exist caldcv (Jun 14)
- RE: The Linksys WRT54G "security problem" doesn't exist Alan W. Rateliff, II (Jun 05)