Re: The Linksys WRT54G "security problem" doesn't exist
In-Reply-To:
<OF573D37A2.8E5427F6-ON87256EA9.00668BEB-87256EA9.0066B037@xxxxxxxxxxx>
>> In a recent client installation I discovered that even if the remote
>> administration function is turned off, the WRT54G provides the
>> administration web page to ports 80 and 443 on the WAN.
>
>I think the "Independent consultant" quoted in InternetWeek is wrong.
The current "bug" should be as follows:
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on xxx.adelphia.net (67.23.xxx.xxx):
(The 1553 ports scanned but not shown below are in state: closed)
Port State Service
443/tcp open https
Nmap run completed -- 1 IP address (1 host up) scanned in 40 seconds
I logged into it via my web-browser, Opera, which said the router was WRT54G. I
went into Admistration -> Remote Configuration. The box for remote
configuration was unchecked, however it allowed me to access https over the
Internet.
Firmware Version: v1.42.2
Current Time: Fri, 11 Jan 2002 10:34:54
MAC Address: 00:0C:41:A9:F8:76
Router Name: WRT54G
Thanks,
CC.