Confusion surrounds Cisco-Linksys wireless hole

A report last week about a security hole in a wireless broadband router made by Cisco Systems' Linksys division overstated the severity of the vulnerability, according to the man who first warned of the problem.

Independent technology consultant Alan Rateliff said Monday that Cisco's Linksys WRT54G wireless routers are not, by default, vulnerable to remote takeover from a malicious hacker. However, a vulnerability in the software that runs on those devices could still allow a malicious hacker to access administrative features for the router and take control of the device.

Rateliff first posted a warning about the WRT54G on the Bugtraq discussion list on May 31. Based on testing with a sample Cisco router, Rateliff concluded that the routers were shipped with a configuration that would allow remote attackers to access the Web-based administration interface for the devices over two common communications ports, 80 and 443. The WRT54G, like other wireless routers, enables multiple computers to share a broadband Internet connection using wireless networking equipment

The Bugtraq post prompted numerous responses that contested Rateliff's findings. After testing additional WRT54G devices, Rateliff said he found that the devices were not vulnerable in their default configuration, but could still be compromised remotely given the right circumstances.

In particular, Rateliff discovered that a firewall feature in the routers is enabled, rather than disabled, by default, which prevents compromise on new systems.

On versions of the router using software (or "firmware) versions 2.02.2 and 2.02.7, malicious hackers can access the router's administrator interface and change the configuration of the router if the firewall feature is disabled and if the router's owner does not change the default administrator's password. The devices could be compromised regardless of whether a feature that provides remote, Web-based access to the routers was enabled or disabled, he said.

Cisco has since released a test, or "beta" version of software for the device that fixes the remote access problem, he said. (See:

Rateliff posted a message to Bugtraq on June 2 and acknowledged that he made an error in his initial warning about the problem, but said he was just posting his findings based on a test of the Cisco hardware, standard practice in the Bugtraq forum. Rateliff did not expect the immense response to his post, which spawned stories in a number of online news outlets and prompted multiple responses on Bugtraq.

"The exposure on this is not as bad as the (discussion) on Bugtraq made it seem. I can't account for the results of the first test, but at this point that's irrelevant. What's relevant now is that 'out of box' home users are safe," Rateliff said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >




Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?