Vulnerabilities > CVE-2004-2606 - Remote Administration Service Weakness in Linksys WRT54G Router World Accessible

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

linksys

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

Vulnerable Configurations

Part	Description	Count
Hardware	Linksys Linksys Befsr41 V3 * Linksys Wrt54G 2.02.7	2

References

ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
http://secunia.com/advisories/11754
http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
http://www.nwfusion.com/news/2004/0607confuse.html
http://www.osvdb.org/6577
http://www.securityfocus.com/archive/1/365175
http://www.securityfocus.com/archive/1/365227/30/0/threaded
http://www.securityfocus.com/bid/10441
https://exchange.xforce.ibmcloud.com/vulnerabilities/16274