It's interesting, the advisory claims that this can be exploited even when remote admin is disabled. I tried to break my own router with their advice, but it didn't work. (Maybe a kind soul has already cracked my router and updated my firmware for me? :-)
Presumably you can reset the password with this: http://192.168.1.1/Gozila.cgi?setPasswd=hola&RemoteManagement=1&.xml=1 (replace the ip with the ip of your router's local interface) but this didn't do nuttin for me... That's good news. I think. > -----Original Message----- > From: Craig Dickson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 10, 2002 9:52 PM > To: [EMAIL PROTECTED] > Cc: Derrick 'dman' Hudson > Subject: Re: FYI: Linksys router vulnerability > > Derrick 'dman' Hudson wrote: > > > While this isn't about debian, there are probably a good number of > > debian users who have Linksys router devices on their home network. > > Well, that router may be insecure : > > http://www.corest.com/common/showdoc.php?idx=263&idxseccion=10 > > Old news, and these bugs are only remotely exploitable if you have > Remote Administration enabled. RA is turned off by default, and most > people have no reason to have ever turned it on. > > Craig > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
