Info

Disclosure

Sep 12, 2002

Discovery

Sep 12, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

By default, Linksys routers install with a default password. The administrative account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Remote / Network Access, Local / Remote
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Change Default Setting
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

Cisco Systems, Inc.

Linksys Routers

All

References

Generic Informational URL: http://www.cirt.net/cgi-bin/passwd.pl?method=showven&ven=Linksys

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/821