Linksys BEFSR41 EtherFast Router Lets Remote Users Access the Administration Page Even When Remote Administration is Disabled
SecurityTracker Alert ID: 1010357|
SecurityTracker URL: http://securitytracker.com/id/1010357
(Links to External Site)
Date: Jun 1 2004
Host/resource access via network|
Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): Model BEFSR41|
A vulnerability was reported in the Linksys BEFSR41 version 3 router. A remote user can access the administration login page.|
On June 1, 2004, Alan W. Rateliff reported that a remote user can access the administration web page from the WAN-side interface on ports 80 and 443 even if the remote administration function is turned off on the Linksys WRT54G.
Matthew Gillespie subsequently reported that port 80 on the BEFSR41v3 is also affected.
The vendor was reportedly notified in April 2004 (Linksys Product Support Case#: 2423404 and RE: Linksys Product Support Case#: 242340).
A remote user can access the administration login page even when remote administration has been disabled.|
No solution was available at the time of this entry.|
The vendor reportedly indicates that as a workaround, you can route requests to port 80 to a null IP address.
Vendor URL: www.linksys.com/products/product.asp?prid=561&scid=29 (Links to External Site)
Access control error, State error|
Source Message Contents
Subject: Re: LinkSys WRT54G administration page availble to WAN|
I have personally contacted Linksys in regards to this problem (it appears
that a glitch in WRT54G and in BEFSR41v3 cause this problem). Both pieces of
equipment were running current firmware (I don't have my notes with me at
the moment, but the firmware was current). And in both instances remote
admin was available via port 80 on the WAN side.
Initially I spoke with an outsourced group of individuals that recommended
I forward port 80 inquiries to a null ip. This DOES work, however is very
sloppy. Later I asked for the source code to BEFSR41v3, to modify the bug
myself but was denied as it is propietary.
After repeated problems with remote admin STAYING on (keep in mind, it was
disabled, along with various other settings) I again contacted linksys where
a friendly individual informed me, "If you continue to have the problem you
could just buy a new router".
All of this is documented in emails I have sent to Linksys. I have spoken
to Jason Hardy throughout April (Linksys Product Support Case#: 2423404 and
RE: Linksys Product Support Case#: 242340) however the issue has yet to be
So I'd suggest forwarding port 80 inquries to a null ip in the meantime,
good work Linksys.
----- Original Message -----
From: "Alan W. Rateliff, II" <email@example.com>
Sent: Monday, May 31, 2004 11:51 AM
Subject: LinkSys WRT54G administration page availble to WAN
> Manufacturer: LinkSys (a division of Cisco)
> Product: Wireless-G Broadband Router
> Model: WRT54G
> Product Page:
> Firmware tested: v2.02.7
> In a recent client installation I discovered that even if the remote
> administration function is turned off, the WRT54G provides the
> administration web page to ports 80 and 443 on the WAN. The implications
> are obvious: out of the box the unit gives full access to its
> from the WAN using the default or, if the user even bothered to change it,
> an easily guessed password.
> I reported this to LinkSys (along with a number of other non-security
> related issues) on April 28. I received no reponse addressing this, and
> updated firmware has yet appeared on their firmware page
> To work around this, you can use the port forwarding (irritatingly renamed
> to Games and whatever) to send ports 80 and 443 to non-existant hosts.
> that forwarding the ports to any hosts -- inluding listening ones if you
> actually running servers -- will override the default behavior.
> On a personal note, there are a number of reasons for which I am
> disappointed with LinkSys since the acquisition by Cisco. For the sake of
> what was once a rock-solid product and great brand name, I hope things
> change soon.
> Alan W. Rateliff, II : RATELIFF.NET
> Independent Technology Consultant : firstname.lastname@example.org
> (Office) 850/350-0260 : (Mobile) 850/559-0100
> [System Administration][IT Consulting][Computer Sales/Repair]