Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Linksys router vulnerability

Status
Not open for further replies.
As I read the article it seems it requires network access from the inside to work so their is no vulnerability from the internet. So the vulnerability is only from a inside dos job. Being a soho device I don't see this as a big deal unless someone puts it in a med/large or IT business.

Just my opinion A+ N+ Sec+ SME/Sec+
 
The remote management feature is so you can administer the router from the WAN side of things, so yes, there is a vulnerability.

In most situations, the attacker would already need to be on a computer connected to the network to execute an attack. However, if the router has a 'remote management' feature enabled, a malicious hacker could execute an attack from anywhere on the Internet by entering the IP (Internet Protocol) address of the router along with the name of the script into his or her Web browser.

Best to have that feature turned off in any case.

Chip H.
 
I did mention it is not meant for medium/large or IT businesses which is where your WAN's are going to show up.

Also as mentioned by another, admin/tech should still verify remote management is off after install in p2p or lan.

I don't see this as a issue for SOHO, at someones home or small business there will be no WAN because it's a SOHO device. If misused that's another story. A+ N+ Sec+ SME/Sec+
 
I don't see this as a issue for SOHO, at someones home or small business there will be no WAN because it's a SOHO device. If misused that's another story.

If they just wanted to connect a couple of PCs, then they'd buy a 4-port hub (much cheaper than a router/gateway device).

The WAN port on these devices is usually plugged into a DSL or cable modem when used in a home or SOHO.

Chip H.
 
I talked to a co-worker to verify "remote management" is off by default. It is off by default.

So unless someone turns it on (bad move anyway), it should be fine because there is no access to the device from the net. A+ N+ Sec+ SME/Sec+
 
chiph
The security issues here are a little over my head, I'm reading and trying to learn; however in regard to your comment about hub being cheaper,
I was just recently asking an electronically oriented friend if I could use a router as just a hub because when you look at some of the weekly specials-Best Buy, Comp USA, etc-routers come up cheaper than hubs on the after rebate specials--I could buy a router for $10-$15 less than a hub.
 
You could use a router with a four port hub built in as your hub without using the WAN connection. One reason to do this would be to use the router as a DHCP server. That would make setting up a home network easier for a novice.
 
It isn't a vulnerability. If you enable the web interface on a cisco router for remote administration on your WAN interface that just happens to be connected to the web then ANYONE with a browser can get into the router. If I recall the linksys routers have it disabled by default so the person who owns it would need to activate it.
 
Status
Not open for further replies.

Similar threads

technome
  • Locked
  • Question
Linksys router vulnerability
Replies
0
Views
89
technome
technome
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
155
brownmab53
brownmab53
kjv1611
  • Locked
  • News
Asus Router Vulnerability Exploited
Replies
0
Views
112
kjv1611
kjv1611
skk391
  • Locked
  • Question
Configuring ASA behind ADSL router
Replies
0
Views
108
skk391
skk391
basball
  • Locked
  • Question
How to connect between two different subnets on the same router?
Replies
0
Views
108
basball
basball

Part and Inventory Search

Sponsor

Back
Top