Slashdot Mirror


Linksys WiFi Gateway Remote Attack Risk Discovered

Glenn Fleishman writes "According to InternetNews.com, a tech consultant discovered that even if you turn the remote administration feature off on a Linksys WRT54G -- the single bestselling Wi-Fi device in the world -- you can still remotely access it through ports 80 and 443. Linksys sets the HTTP username to nothing and password to 'admin' on all of its devices by default. Web site scanning from anywhere in the world to devices that have routable Internet-facing addresses would allow script kiddie remote access, at which point you could flash the unit with new firmware, extract the WEP or WPA key, or just mess up someone's configuration and change the password."

3 of 311 comments

  1. Has nobody noticed these ports being wide open? by yebb · · Score: 4, Interesting

    Seems like a rather obvious issue; I'm surprised nobody noticed this before.

  2. port forwarding by Anonymous Coward · · Score: 4, Interesting

    What happens if you are forwarding port 80 to an internal box? That's what I currently do. If I access my external IP I get my webpage; I can only get my router's admin page by using its internal IP.

  3. What if some script kiddie meshed them all? by Baldrson · · Score: 4, Interesting

    The 32M RAM version of the WRT54G has enough capacity to run the current release of MeshAP. The problem is booting it off of the 8M of flash that is available on the WRT54G. You could overcome this by incrementally reflashing them to boot from the mesh itself. This would fix the security hole too.

    Understand, I'm not advocating any kids actually do this -- it's just a fun, if slightly whacked, idea.