RE: LinkSys WRT54G administration page availble to WAN

From: Alan W. Rateliff, II (
Date: 06/01/04

  • Next message: Sam Bashton: "Re: [Full-Disclosure] Possible bug in PHPNuke and other CMS"
    To: <>
    Date: Mon, 31 May 2004 18:58:54 -0400

    > -----Original Message-----
    > From: Matthew Caron []
    > Sent: Monday, May 31, 2004 5:19 PM
    > To: Alan W. Rateliff, II
    > Cc:
    > Subject: Re: LinkSys WRT54G administration page availble to WAN
    > Isn't that the Linksys product that runs Linux and all these
    > folks have
    > been making custom firmware for? If so, can't one of those folks fix
    > this bug if Linksys it taking too long?

    Perhaps, but the points still remain that LinkSys is distributing a
    vulnerable product through all channels, retail stores are blowing this item
    out with rebates, and Joe Average User isn't going to upgrade to a custom
    Linux-based firmware because chances are he or she is not aware of it.

    Also, I have received a shit-storm of auto-replies from my original post.

    After wading through 30-or-so of these auto-responses, I found three valid
    emails. The general answer is that I had an open dialogue with LinkSys
    support (case #AEV-14523-534, which refers to #KNU-66355-624,) the problem
    was originally noted to them on 04/28/04, and because of my open dialogue
    with LinkSys support I did not send an email to any other address or
    department at LinkSys.

    In regards to the last part, I do now feel somewhat remiss for not having
    done so, however at the same time a proven security issue should be properly
    communicated from support to the appropriate department. That seems to not
    be the case, and assumption is the evil of all root.

           Alan W. Rateliff, II        :       RATELIFF.NET
     Independent Technology Consultant :
          (Office) 850/350-0260        :  (Mobile) 850/559-0100
    [System Administration][IT Consulting][Computer Sales/Repair]

  • Next message: Sam Bashton: "Re: [Full-Disclosure] Possible bug in PHPNuke and other CMS"

    Relevant Pages

    • Re: Router dead. Advice for replacement.
      ... >years and so many more folks use these in systems now, ... >have the benefit of the experiences of others. ... I will say that the management software is a bit obtuse compared to say Linksys ... and I haven't found any log utilities like Linklogger etc. ...
    • Re: Laptop Wont Boot When Wireless PC Card Removed
      ... May be worth checking with the folks at Linksys on this one .. ...
    • Re: Help with Bind Weirdness & Logging
      ... Stock linksys firmware sucks, ... have you tried doing a hard reset of the router ... In regards to tech support, at least in my experience with Linksys, if ... I had tried what I thought was a hard reset by pressing the reset button ...
    • Re: using Linksys "gaming adapter" w/5 port workgroup switch
      ... >I want to set up internet access for a several computers in a different room ... >from my wireless gateway (Linksys WAG54G). ... As usual Linksys support is mostly correct. ...
    • Re: ALERT: WPA can be less secure than WEP
      ... >I can see the help desk at Linksys now... ... >Linksys would be drowning in calls if they encrypted before they shipped. ... The most challenging part of setting up a router is selecting ... nothing to do with the users ease of setup or support problem. ...