Linksys WiFi Gateway Remote Attack Risk Discovered

Glenn Fleishman reports that

According to, a tech consultant discovered that even if you turn the remote administration feature off on a Linksys WRT54G — the single bestselling Wi-Fi device in the world — you can still remotely access it through ports 80 and 443. Linksys sets the HTTP username to nothing and password to ‘admin’ on all of its devices by default. Web site scanning from anywhere in the world to devices that have routable Internet-facing addresses would allow script kiddie remote access, at which point you could flash the unit with new firmware, extract the WEP or WPA key, or just mess up someone’s configuration and change the password.”

He’s suggesting that you change Your Linksys WRT54G Admin Password Right Now!

I wanted to note this since I earlier mentioned the Linksys WRT54G

Update : LinkSys says WRT54G Vulnerability Not Widespread, just make sure the built-in firewall has been NOT been disabled. via Gizmodo, gadets are us

So time to confirm the setting and Glenn’s advise is still a “Good Idea”

another update: Threat overstated, finder of vulnerability says, apparently NOT the end of the world, just western cizelization….under

Leave a Reply