I have a WRT54G at home. After seeing all the discussion here about the remote administration vulnerability I tried to access the web interface today on ports 80 and 443 from outside of my home network and was not able to get to the web interface either. But, having said that, I'm still fairly disappointed with this product. Linksys used to incorporate SNMP support that made it possible to use Linklogger, a very inexpensive and capable firewall logger. But, it appears that SNMP and syslog support are gone. I contacted tech support about this and they agreed that the WRT54G has no support for external event logging. Too bad. --Dave -----Original Message----- From: Jason Munro [mailto:jason@xxxxxxxxxx] Sent: Wednesday, June 02, 2004 2:30 PM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: LinkSys WRT54G administration page availble to WAN On 11:51:41 am 05/31/04 "Alan W. Rateliff, II" <lists@xxxxxxxxxxxx> wrote: > Manufacturer: LinkSys (a division of Cisco) > Product: Wireless-G Broadband Router > Model: WRT54G > Product Page: > http://www.linksys.com/products/product.asp?grid=33&scid=35&prid=601 > Firmware tested: v2.02.7 > > In a recent client installation I discovered that even if the remote > administration function is turned off, the WRT54G provides the > administration web page to ports 80 and 443 on the WAN. The > implications are obvious: out of the box the unit gives full access > to its administration from the WAN using the default or, if the user > even bothered to change it, an easily guessed password. Testing this issue with a recently purchased WRT54G here showed that while I can access the web interface on the WAN IP from the LAN behind the linksys, I can not access it from another location on the WAN side. \__ Jason Munro \__ jason@xxxxxxxxxx \__ http://hastymail.sourceforge.net/
