Security Information and Review

Collection of security information and review

Linksys WAG54G2 feature and vulnerability

Author : Admin

Linksys, a division of Cisco System Inc., is the recognized global leader in VOIP, Wireless and Ethernet networking for home and SOHO ( small office home office ). Linksys headquartedred in Irvine, California, has been acquired by Cisco system, Inc in June 2003.


One of famous product Linksys is WAG54G2, provides ADSL / WIFI / Ethernet interfaces with base on a Linux distribution which run on ARM architecture. The ARM family accounts for approximately 90% of all embedded 32-bit RISC CPU as of April 2009. It’s found in most corners of consumer electronics, from portable devices like PDA, mobil phone, iPods and other digital media and music players to computer peripherials such hard drives, desktop and routers.


 With Linksys WAG54G2, we can build high speed ADSL2+ modem and connetion to internet very fast and easily. The wireless G ADSL2+ gateway is great for sharing an internet connection and connecting all of computer to each other without wires or cable. Wireless security and firewall protection designed to help safeguard home network and computers from most internet attacks, really ..?

Linksys WAG54G2 can be managed via a management console which is on by default ( LAN users only ). Web administration in Linksys WAG54G2 can be injection with simple injection leads to OS root access. This effective and affected on firmware v1.00.10, it can be exploited using CSRF. One can still backdoor the router having access to web administration. Another outcome of the bug is an ablility to quite easily examine what services are running on the router, what is its internal configuration, etc. It may be a hint to find some more interesting vulnerabilities.
Also if one could find auth bypass vulnerability in http server / management software it can lead to easy full remote router compromise. See detail technique exploit at


so, how to harddening security of Linksys WAG52G2 ? First,  possible remote exploitation would need a router with not changed default user/password to web management. If the password was changed the issue is not remotely exploitable. So we believe that the issue is not critical (ie: no direct remote compromise / in any conditions; on the other hand how many people change default router credentials?). Second, there are not find authentication bypass in the router. Third, the web management console is open by default to LAN users only (it is not accessible directly from WAN - so for example CSRF is needed to try remote exploitation the issue).

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati
  • YahooMyWeb
  • Slashdot
  • StumbleUpon
Categories: device security
If you like this posts, please leave messages / comments.