Info

Disclosure

Jul 15, 2005

Discovery

Unknown

Dates

Exploit

Jul 15, 2005

Solution

Unknown

Description

By default, many of Belkin wireless routers using a default ssid of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Availability
Solution: Change Default Setting
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Immediately after installation, change all default passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

Belkin

Wireless Routers

54g

References

ISS X-Force ID: 21412
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0236.html
CVE ID: 2005-2374 (see also: NVD)
Security Tracker: 1014493
Vendor URL: http://www.belkin.com/

Credit

Adrian Pastor - ProCheckUp Ltd

Direct URL: http://osvdb.org/36218