Linksys WAP54G Insecure Debug Interface

The Linksys WAP54G is a wireless access point that allows wireless clients to connect to wired networks. It supports the 802.11b and 802.11g protocols, with data rates up to 54 Mbit/s. Linksys WAPs are quite popular in the home and small business market.

A debug interface that allows the execution of shell commands with root privileges is available on dedicated web pages on the device. Hardcoded credentials, which cannot be changed by the user, can be used to access the debug interface.

Impacts:

  • Remote access and modifications to access point settings and configuration.
  • Remote extraction of sensitive information such as credentials for logging into the administration interface, Wi-Fi SSIDs and passphrases.
  • Remote download and execution of malicious applications.
  • “Remote blind” attacks may also be possible, in which an attacker on the Internet uses malicious web pages to execute code on a victim access point with private addressing by leveraging the user's browser as a third-party “reflector”.

Additional information is available at http://www.icysilence.org
