hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Jun 1 2004, 02:49 AM
QUOTE


Manufacturer: LinkSys (a division of Cisco)
Product: Wireless-G Broadband Router
Model: WRT54G
Product Page:
http://www.linksys.com/products/product.as...cid=35&prid=601
Firmware tested: v2.02.7


In a recent client installation I discovered that even if the remote
administration function is turned off, the WRT54G provides the
administration web page to ports 80 and 443 on the WAN. The implications
are obvious: out of the box the unit gives full access to its administration
from the WAN using the default or, if the user even bothered to change it,
an easily guessed password.


I reported this to LinkSys (along with a number of other non-security
related issues) on April 28. I received no reponse addressing this, and no
updated firmware has yet appeared on their firmware page
http://www.linksys.com/download/firmware.asp?fwid=201


To work around this, you can use the port forwarding (irritatingly renamed
to Games and whatever) to send ports 80 and 443 to non-existant hosts. Note
that forwarding the ports to any hosts -- inluding listening ones if you are
actually running servers -- will override the default behavior.


On a personal note, there are a number of reasons for which I am thoroughly
disappointed with LinkSys since the acquisition by Cisco. For the sake of
what was once a rock-solid product and great brand name, I hope things
change soon.



Link on original article: http://seclists.org/lists/bugtraq/2004/May/0329.html
^RB^
Jun 1 2004, 06:39 AM
I actually have that router...
but I'm running a hacked version of the firmware, and luckily (?) my ISP blocks all incoming traffic from port 1 until port 1024 fro god knows what reason...


Thanks for the update m8! this will be useful for a lot of ppl!
chris105
Jun 1 2004, 08:53 AM
QUOTE (^RB^ @ Jun 1 2004, 06:39 AM)
my ISP blocks all incoming traffic from port 1 until port 1024 fro god knows what reason...

Is this possible, would it not stop the internet from working ?
Chinzo
Jun 1 2004, 10:30 AM
QUOTE (chris105 @ Jun 1 2004, 08:53 AM)
QUOTE (^RB^ @ Jun 1 2004, 06:39 AM)
my ISP blocks all incoming traffic from port 1 until port 1024 fro god knows what reason...

Is this possible, would it not stop the internet from working ?

Yes I' m very interested about that, how could you surf, ftping etc when 1 to 1024 ports are blocked ? huh.gif
^RB^
Jun 1 2004, 07:08 PM
QUOTE (Chinzo @ Jun 1 2004, 11:30 AM)
QUOTE (chris105 @ Jun 1 2004, 08:53 AM)
QUOTE (^RB^ @ Jun 1 2004, 06:39 AM)
my ISP blocks all incoming traffic from port 1 until port 1024 fro god knows what reason...

Is this possible, would it not stop the internet from working ?

Yes I' m very interested about that, how could you surf, ftping etc when 1 to 1024 ports are blocked ? huh.gif

I honestly don't have a clu, but they are all blocked.... :/

I tested the shields up, and I get a stealth port result for every single port in the range 1-1024...
(and yes, I tried it with disconnecting the router...smile.gif)

I do have an ftp server running, and my webserver is running too, but they're both on high ports...
tweakz20
Jun 1 2004, 07:19 PM
incomming... you have to be running a server to need people to use incomming.. i'm sure it doesn't block it after the connection is established or outgoing or you would be cut off from the rest of the world
ComSec
Jun 1 2004, 09:59 PM
QUOTE
Link on original article: http://seclists.org/lists/bugtraq/2004/May/0329.html


yup qcred11...thanks for the links to follow up wink.gif
xlulux
Jun 1 2004, 11:16 PM
yeah that 1-1024 is quite a cut down, users might have to be able to count highter than 1024 now ! hahaha its funny that isp's think that the ones smart enough to get the servers running wont know how to change the port its run on. btw , whats your site about?
qcred11
Jun 2 2004, 12:53 AM
The same glitch have been found in Linksys BEFSR41v3.

Source: http://www.securitytracker.com/alerts/2004/Jun/1010357.html
tweakz20
Jun 2 2004, 12:58 AM
^that one is the "EtherFast® Cable/DSL Router with 4-Port Switch"... man, two of them on this network... (too bad they have to get by 2 others (CMS and D-Link) first tongue.gif )
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.