Linksys WRT54GS security issue
Guest
Posts: n/a
Linksys WRT54GS security issue
Lifted entire from a post to the BUGTRAQ mailing list and posted here for information.
----------------------------------------
'It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware
version 1) wireless router allows wireless clients to connect and use the
network without actually authenticating. With WPA Personal/TKIP authentication
enabled, the unit allows both clients using encryption with the correct
settings and key, and clients not using any encryption. It disallows clients
attempting to use encryption with the wrong settings and/or key.
'In other words, even if you think you've secured your wireless network from
unauthorized access, anyone can access it. It actually shows up as having no
password security on a Macstumbler scan, which is how I noticed the problem.
I verified that anyone can access the network without needing to know the key.
'I did not check security modes other than WPA/TKIP. Other modes may have
different behavior. Changing the "Authentication Type" setting had no effect
on this problem. I believe it should be set to "Shared Key", but the setting
used does not appear to matter.
'I only verified the problem on firmware 4.50.6. It is unknown if other
firmware versions exhibit the problem. However, at least one older firmware
does not exhibit the problem, as my router functioned correctly until I
updated to 4.50.6.
'The problem appears to be fixed in version 4.70.6. No expliclit notice of
this problem or the fix appears in the release notes for version 4.70.6.
Strangely, the "Authentication Type" must be set to "Auto" for the unit to
function properly. Should it be set to "Shared Key", which one might expect
to be the correct value, the wireless functionality appears to be entirely
disabled.
'It is unknown if this problem is seen with other hardware versions, or with
other models. I suspect it may, given the similarity between many of the
Linksys models and their firmware.'
----------------------------------------
'It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware
version 1) wireless router allows wireless clients to connect and use the
network without actually authenticating. With WPA Personal/TKIP authentication
enabled, the unit allows both clients using encryption with the correct
settings and key, and clients not using any encryption. It disallows clients
attempting to use encryption with the wrong settings and/or key.
'In other words, even if you think you've secured your wireless network from
unauthorized access, anyone can access it. It actually shows up as having no
password security on a Macstumbler scan, which is how I noticed the problem.
I verified that anyone can access the network without needing to know the key.
'I did not check security modes other than WPA/TKIP. Other modes may have
different behavior. Changing the "Authentication Type" setting had no effect
on this problem. I believe it should be set to "Shared Key", but the setting
used does not appear to matter.
'I only verified the problem on firmware 4.50.6. It is unknown if other
firmware versions exhibit the problem. However, at least one older firmware
does not exhibit the problem, as my router functioned correctly until I
updated to 4.50.6.
'The problem appears to be fixed in version 4.70.6. No expliclit notice of
this problem or the fix appears in the release notes for version 4.70.6.
Strangely, the "Authentication Type" must be set to "Auto" for the unit to
function properly. Should it be set to "Shared Key", which one might expect
to be the correct value, the wireless functionality appears to be entirely
disabled.
'It is unknown if this problem is seen with other hardware versions, or with
other models. I suspect it may, given the similarity between many of the
Linksys models and their firmware.'
Sims Fly Virtually
Join Date: Jun 2001
Location: Used to be 3rd Sand Dune from the Left - But now I'm somewhere else somewhere else.
Posts: 704
Likes: 0
Received 0 Likes
on
0 Posts
LinkSys 54G
I have the same router on our local set-up. It's not in regular operation yet,as we're waiting for the internet connection, but I looked at the firmware and it's 3.something !
As soon as I can, I'll do the test, - we have no security turned on at the moment (no need as it's hardly ever switched on except for testing, and we're a pretty remote area anyway. I suppose if somebody really WANTs to park on top of the wadi and point a cantenna at me . . . ).
Just makes me wonder how long it's been sitting in the shop's stock with firmware that old, and we only bought it a couple of months ago!
I'll let you know when I check the security on the old firmware (probably works, and it was the mods that brought it up to 4.whatever to fix other problems that caused the security hole!)
As soon as I can, I'll do the test, - we have no security turned on at the moment (no need as it's hardly ever switched on except for testing, and we're a pretty remote area anyway. I suppose if somebody really WANTs to park on top of the wadi and point a cantenna at me . . . ).
Just makes me wonder how long it's been sitting in the shop's stock with firmware that old, and we only bought it a couple of months ago!
I'll let you know when I check the security on the old firmware (probably works, and it was the mods that brought it up to 4.whatever to fix other problems that caused the security hole!)