September 16th, 2005, 10:36 AM
|
#1 (permalink)
| | Real gangstas sip on Yacc
Join Date: Oct 2001 Location: Suckas-ville
Posts: 4,549
|
Six vulnerabilities have been found in this quite popular router. These are tested against the Linksys firmware, but may be found in third-party firmware as well. Please check with your firmware provider.
Some of these are quite serious! http://isc.sans.org/diary.php?storyid=674
Jkrohn
__________________
Signatures blow hard
If your signature contains an ad of any kind, congratulations, you're on my ignore list.
|
| |
September 20th, 2005, 02:19 PM
|
#2 (permalink)
| | Cerca, trova
Join Date: May 1999 Location: USA
Posts: 10,679
| |
| |
September 20th, 2005, 02:32 PM
|
#3 (permalink)
| | Ultimate Member
Join Date: Oct 2001
Posts: 2,503
|
Nice, I have that router, but it's just sitting in a box.
__________________ How come Sour Cream can expire? |
| |
September 20th, 2005, 02:38 PM
|
#4 (permalink)
| | A hero in training
Join Date: Oct 2001 Location: Norfolk, VA
Posts: 22,773
| |
| |
September 20th, 2005, 02:44 PM
|
#5 (permalink)
| | Best To Avoid Me
Join Date: Mar 2002 Location: Under Your Bed
Posts: 8,596
|
Thanks for the info, I'm a WRT54G user.
It seems that 4 of the 5 workarounds are simply having wireless security in place and having the latest firmware.
Quote:
WORKAROUND
In order to mitigate exposure of the router and internal network to
outside attackers, ensure encryption is enabled on the wireless
interface. The exact settings to use are dependent on your wireless
deployment policies.
VENDOR RESPONSE
This vulnerability is addressed in firmware version 4.20.7 available for
download...

The other is simply disabling the web access from wireless users.
Quote:
In order to prevent exposure of this vulnerability from wireless clients,
disable wireless access to the web interface:
• Connect to the web interface, typically at http://192.168.1.1/
• Go to the Administration page
• Select 'Disable' next to the 'Wireless Access Web'
• Click the 'Save Settings' button.
Please note that this will only prevent wireless access, and not access
from one of the physical ports. Additionally, other vulnerabilities in
the httpd may allow exploitation of the router, even with this setting
enabled.
| |
September 20th, 2005, 02:47 PM
|
#6 (permalink)
| | A hero in training
Join Date: Oct 2001 Location: Norfolk, VA
Posts: 22,773
|
Disabling access to the wireless clients should be off by default. (One of the first things I turned off.) No one should ever have that on. They are just asking for trouble.
| |
September 20th, 2005, 02:49 PM
|
#7 (permalink)
| | Best To Avoid Me
Join Date: Mar 2002 Location: Under Your Bed
Posts: 8,596
|
Agreed, but how many router users even log into the dang thing? They just plug it all in, get on the internet, and surf away on multiple PCs. 75% of the router users I talk to look at me funny when I mention wireless security.
| |
September 20th, 2005, 03:01 PM
|
#8 (permalink)
| | Cerca, trova
Join Date: May 1999 Location: USA
Posts: 10,679
Quote:
75% of the router users I talk to look at me funny when I mention wireless security.

You sure it's not the mask?
| |
September 26th, 2005, 02:43 PM
|
#9 (permalink)
| | A hero in training
Join Date: Oct 2001 Location: Norfolk, VA
Posts: 22,773
| |
| |
October 1st, 2005, 07:58 PM
|
#10 (permalink)
| | A hero in training
Join Date: Oct 2001 Location: Norfolk, VA
Posts: 22,773
| Quote:
Although it seems like the WRT54GS has been getting all the love lately, there's been a new rash of updates to the HyperWRT firmware for the venerable WRT54G.
Both a newcomer, Tofu, and the originator of this storm, Rupan, have taken to their keyboards to keep HyperWRT alive while Avenger2.0 is away from his.
Common to both releases is integration of the HyperWRT 2.1b1 code with Linksys' updated 4.20.7 codebase, upgrades to BusyBox 1.01, and the addition of static DHCP, a la Thibor's latest release for the WRT54GS. Although implemented differently, Tofu through the web GUI with a 5 client limitation and Rupan through Telnet, this has got to be one of the most requested additional features for the HyperWRT crowd. Other differences do exist and you can find them in the changelogs that follow. KaiStation is not included in either of these releases.
If you'd like to pick up either of these releases, follow the links:
Rupan's 09-26-05 release for the WRT54G: binary and source changes.
Tofu's TOFU5 release for the WRT54G: binary and source changes.
More complete changelogs can be found after Read More....
Rupan's 09-26-05 release changelog
o dnsmasq v2.23
o rewrite uptime() function to display actual uptime and load average
o support libresolv (+2kb) for various external software (a la Net-SNMP)
o iptables 1.2.9*
o Linksys codebase 4.20.7
in addition, the usual complement of features:
o edns and etherwake
o Busybox 1.01
o HyperWRT 2.1b1
o kai is *not* included (but may be in the future)
o static DHCP leases, but NOT from the web gui -- only from telnet
Tofu's TOFU5 release changelog:
o added static dhcp lease, 5 clients GUI interface
o udhcp* is now up to 0.9.9-pre
o included busybox 1.01.
o Incoming/outgoing logs have been updated to show denied and accepted connections.
o Syslog now works. Enter 0.0.0.0 to disable it. (By default it will load klogd to give you kernel messages, but if for some reason you want it disabled, you can do this by setting klogd=0 in nvram.)
o Linksys 4.20.7 codebase
o HyperWRT 2.1b1
from http://www.linksysinfo.org/modules.p...rticle&sid=410
BTW Wallwatcher works with the WRT54G with the hyper/seasoft firmware!