<<< Date Index >>>     <<< Thread Index >>>

Re: The Linksys WRT54G "security problem" doesn't exist



In-Reply-To: 
<OF573D37A2.8E5427F6-ON87256EA9.00668BEB-87256EA9.0066B037@xxxxxxxxxxx>

>> In a recent client installation I discovered that even if the remote 
>> administration function is turned off, the WRT54G provides the 
>> administration web page to ports 80 and 443 on the WAN.
>
>I think the "Independent consultant" quoted in InternetWeek is wrong.  

The current "bug" should be as follows:

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on xxx.adelphia.net (67.23.xxx.xxx):
(The 1553 ports scanned but not shown below are in state: closed)
Port       State       Service
443/tcp    open        https


Nmap run completed -- 1 IP address (1 host up) scanned in 40 seconds


I logged into it via my web-browser, Opera, which said the router was WRT54G. I 
went into Admistration -> Remote Configuration. The box for remote 
configuration was unchecked, however it allowed me to access https over the 
Internet.

Firmware Version:       v1.42.2                 
Current Time:   Fri, 11 Jan 2002 10:34:54                       
MAC Address:    00:0C:41:A9:F8:76                       
Router Name:    WRT54G 

Thanks,

CC.