RE: Additional information on WRT54G administration page

From: Mike Riella (mriella_at_pgi-pitco.com)
Date: 06/02/04

  • Next message: Byron Pezan: "Remote SMTP authentication audit tool?" 
    To: "'Alan W. Rateliff, II'" <alan2@rateliff.net>
Date: Wed, 2 Jun 2004 12:00:13 -0700

    I've tried over and over and scanned myself externally a few times. I'm
    using a WRT54G w/ 2.02.7 firmware and those ports are not open. I'll email
    you my IP if you'd like to test on.

     
     
    -----Original Message-----
    From: Alan W. Rateliff, II [mailto:alan2@rateliff.net]
    Sent: Wednesday, June 02, 2004 11:05 AM
    To: bugtraq@securityfocus.com
    Subject: Additional information on WRT54G administration page

    I have made the effort to grab three additional units, all v2 hardware,
    off-the-shelf, and here is what I have found: Two of three units came with
    the firewall enabled, while one of the three came with it disabled. The
    packaging leaves no evidence as to whether any of these items were
    previously opened and returned.

    Interestingly, all three units from local resalers came with v2.02.2
    firmware, while the second unit from CDW I tested in March came with
    v2.02.7. BOTH of the units which came off-the-shelf with v2.02.7 behaved as
    previously described in my original notice; I do not have records of the
    firewall setting of the units from March, although they both did behave as
    predicted after a factory reset.

    I would like to assume that the one-of-three v2.02.2 firmware units which
    came with the firewall disabled was an anomoly, and possibly a customer
    return. Nicely, flashing these units to v2.02.7 retains all settings,
    including the firewall status.

    Now the catch. In v2.02.7 with the firewall disabled and remote admin
    turned off, the admin page becomes available on ports 80 and 443 on the WAN.
    This works whether the unit is in DHCP or PPPoE mode.

    Port State Service
    80/tcp open http
    443/tcp open https
    Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20

    So part of the original notice is valid, with the exceptions noted. I don't
    have any more v2.02.2 units to test as they have all now been flashed with
    v2.02.7, I have no more unmolested v2.02.7, and I am out of petty funds to
    purchase more :)

    So, I will eat some crow on the original notice. To sum up, the admin page
    is most definitely available to the WAN if the firewall is disabled,
    regardless of the remote admin setting. And at best the potential for
    getting a unit off-the-shelf with this behavior is somewhat like an Easter
    egg hunt. I have received an even mix of responses positive and negative to
    the original notice, so others are reproducing this OTS.

    Some thoughts...

    It could be resonable that units which come v2.02.2 OTS then flash to
    v2.02.7 may not experience this behavior due to stored factory settings from
    original v2.02.2 system carried over to v2.02.7. That would explain the
    exception of the OTS behavior of the v2.02.7 units received in March.

    Now I am also aware that other LinkSys items I have received have come with
    firmwares not yet available on the website -- most recent example, a
    WPS54GU2 which came with firmware 6032 while only 6031 was available on the
    website. It may be more reasonable that since the firmware v2.02.7 is dated
    March 17, my order for the WRT54G was placed on March 23, maybe a
    pre-release of the firmware? I cannot imagine that there would be such a
    diverse distribution of this product direct from LinkSys? 

    -- 
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2@rateliff.net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]
  • Next message: Byron Pezan: "Remote SMTP authentication audit tool?"

    Relevant Pages

    • Additional information on WRT54G administration page
      ... the firewall enabled, while one of the three came with it disabled. ... BOTH of the units which came off-the-shelf with v2.02.7 behaved as ... I would like to assume that the one-of-three v2.02.2 firmware units which ... So part of the original notice is valid, ...
      (Bugtraq)
    • Re: Linksys WRT54 GL - Session riding (CSRF)
      ... you will be warned that "There is a problem with this website's security certificate." ... The Router/ Firewall remains running and stable until you don't accept the certificate. ... If the administrator of Linksys WRT54GL is logged into the device and opens a malicious website or email with the same browser, ... This issue is reported to affect firmware version 4.30.9; other firmware versions may also be affected. ...
      (Bugtraq)
    • RE: What firewall for small medical research lab
      ... "OS vs firmware" firewalls. ... securing their network. ... filter firewall as your outer perimeter. ... Try Webroot's Spy Sweeper Enterprisefor 30 days for FREE with no ...
      (Security-Basics)
    • Re: WatchGuard SOHO WG2500 plz help.....
      ... > and you hafto go in there to download the latest firmware. ... Once you have the software installed, you can install the firewall rules ... The license and key are not transferrable to another buyer, ...
      (comp.security.firewalls)
    • Re: OT - Netgear print servers
      ... > print server, and how it won't work unless the firewall is switched off. ... which is the installer for a little flash update program. ... firmware installed (I did update when investigating the problem: ...
      (Fedora)