Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Linksys WAP610N has Unauthenticated Root Console issue SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Linksys WAP610N has Unauthenticated Root Console issue

Passed to the Internet Storm Center from Jim.

Linksys wireless access point (WAP610N) has an unauthenticated root console issue  

Taken from the actual advisory

*** SUMMARY ***

Linksys WAP610N is a SOHO wireless access point supporting 802.11n draft.

Unauthenticated remote textual administration console has been found that allow an attacker to run system command as root user.

Full details can be found here:

This issue was also posted to the Full Disclosure mailing list


Chris Mohan --- ISC Handler on Duty


105 Posts
ISC Handler
Feb 10th 2011
wow, wide open.. I happened to have a few of these in my office new in the box. Just tested a direct telnet connection to 1111 and dropped into a UID0 shell, no password required.

Sign Up for Free or Log In to start participating in the conversation!