Security hole in wireless router.
ExtremeTech reports a security vulnerability in the Linksys Wireless G Broadband Router (WRT54G). (Link from eWeek.)
As a side note, I'm not sure it qualifies as a security hole in the device; the claim is that access to the router can be accomplished using an "easily guessed" password. The problem (based on my admittedly quick read) appears to be related to weak passwords or careless users who do not change the defaults. Perhaps I'm misunderstanding something. Calling this a security hole, then, is misleading and implies that the vendor is responsible for the vulnerability, rather than the user who neglects to read the instructions and protect herself.
Comments
That's the ticket. All Linksys routers ship with a default password (and blank username); at ABA TechShow, out of curiosity, I tried it in the speaker ready room: sure enough, I got into the router's webserver and was able to see every computer connected to the device.
Didn't do anything of course. But it's not Linksys's issue, though I suppose you could configure it that it wouldn't establish an external internet connection until the password was changed...
Posted by: Rick Klau | June 3, 2004 04:19 PM