Message-ID: <40C0F145.6010701@ameritech.net>
Date: Fri, 04 Jun 2004 17:01:41 -0500
From: insecure <insecure@...ritech.net>
To: David Pipe <David_Pipe@...-rad.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: The Linksys WRT54G "security problem" doesn't exist
David Pipe wrote:
>>In a recent client installation I discovered that even if the remote
>>administration function is turned off, the WRT54G provides the
>>administration web page to ports 80 and 443 on the WAN.
>>
>>
>
>I think the "Independent consultant" quoted in InternetWeek is wrong. I
>think he either has a defective router or his cables are plugged into the
>wrong end of the thing.
>
>This clearly works properly on my Linksys WRT54G. No access of
>administrative site on the WAN side when it's turned off. Period.
>
>Comments and questions:
>
>1) No one has been able to confirm this problem. Isn't that right?
>
>2) The "Independent consultant" did not say he tried with more than one
>router, and it appears that he did not ask anyone else if they would
>check this out on their routers before he decided the sky was falling.
>
>3) Thousands and thousands of these things have been sold for months and no
>one has reported this error before.
>
>4) Certainly such an egregious error would have been discovered before
>now, as hackers routinely bang away at IP addresses and find this stuff.
>
>5) Does he really think that Cisco/Linksys would not test such a basic
>basic basic aspect of this router's security?
>
>6) How did this get on to InternetWeek? Does anyone actually check these
>things out before publishing them?
>
>Please, prove me wrong on all points. Can anyone reproduce this?
>
>Dave
>
>
>
OK, you're wrong on all points. Here's a quote from the vendor:
Linksys, A division of Cisco Systems, Inc.
Product: WRT54G
Classification: Firmware Release History
Firmware Date: 6/2/2004
Release Date: BETA RELEASE
Last Firmware Version: 2.02.8_BETA
__________________________________________________________________________
Firmware 2.02.8_BETA
- Resolved security issue where remote management is enabled on port 80
and 443 when firewall is disabled