Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Linksys router vulnerability

Linksys router vulnerability

by Nikola Strahija on November 19th, 2002 Linksys products running affected firmware versions are susceptible to a bug that allows unauthenticated access to the management interface. This bug affects both local and remote management (if enabled).


AFFECTED PRODUCTS (per Linksys support):
BEFSR41, BEFSR11, BEFSRU31:
firmware versions from 1.41 through 1.43
BEFW11S4:
firmware versions from 1.42.7 through 1.43.

IMPACT:
Users on the protected ("local") network can gain
administrative access to the Linksys router and may
view/alter configuration data. If remote management
is enabled, users on the unprotected ("wide-area")
network may gain similar access.

Note that for the BEFW11S4, the "local" network
includes all devices able to associate with the access
point.

RESOLUTION:
Linksys has released firmware version 1.43.3 that
resolves this issue on the tested equipment (BEFSR41).
It is assumed that the problem is resolved with this
firmware version on all affected products.

DETAIL:
It appears that the Linksys HTTP management interface
does not handle cases where the client sends specific
XML-related data during the initial content
negotiation ("XML related entries in the mailcap
file").

VERIFICATION/TEST SETUP:
Test setup included the following hardware/software:
- BEFSR41 firewall/router with firmware version 1.43
- lynx browser version 2.8.4rel.1 (17 Jul 2001)
- ~/.mailcap with the following line:
application/foo.xml;

Using lynx with the above mailcap, connect to the
management interface (remote interface listens on port
8080 when enabled). Affected versions will display
the setup screen without requiring the user to enter a
password. (Note: mailcap is generally installed as
~/.mailcap). Navigation to other screens is possible,
though some "accept" buttons might not render if the
browser used is unable to process javascript.

TIMELINE:
Linksys was notified of this bug on 11 November 2002.
The bug was confirmed on 12 November 2002. A beta
firmware update was tested on 15 November 2002; the
new firmware (1.43.3, 11/15/2002) is now available on
the Linksys web site.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »