WRT54G

The WRT54G LinkSys wireless routers suffer from security bypass vulnerabilities. When left unencrypted a user could change settings on your router making it useless, or changing the way it works. Some settings that can be changed via remote URL’s are: retore factory defaults, reset admin password, enable mixed wireless mode, disable all wireless encryption, disable mac filtering, and a whole bunch of others.

On a side note, the administrative username and password is stored in clear text in config.bin on the device. It seems LinkSys would want to at least encrypt this file. Almost any value can be changed using the methods below.

There is no evidence that this can be done on an encrypted wireless router. You’d have to have an already established connection to be able to enter the following URL’s into in order to change settings. No connection, no ip address, no worries. Those that leave their routers wide open and on the default setting will be the unguarded victims of a cracker.
(continue reading…)