I can't comment on the Belkin stuff. As for Cisco IIRC, telnet is enabled by default, however it doesn't allow anyone to log in unless a telnet password is set on the vty lines and the login command is configured as well, and those are not set by default. So, you can certainly use a telnet exploit against them because the port is open, but you're not going in via the non-existant password. Regards, Roman Daszczyszak ---------- Original message ---------- From: steven.salaets@xxxxxxxxxxxxx To: bugtraq@xxxxxxxxxxxxxxxxx Date: 20 Jul 2005 08:58:29 -0000 Subject: Re: Re: several vulnerabilities present in Belkin wireless routers What I wonder is: How much of a security threat is this? Are we not talking about default settings here? How secure is a linksys or cisco AP out of the box? As far as I recall Cisco also enables telnet by default and if you Google for a default administrative password for any network device it won't take you 5 minutes to find it. -Steven
