OSVDB ID: 18293

Title: Belkin 54G Routers Admin Account Default Null Password

Info

Disclosure

Jul 15, 2005

Discovery

Unknown

Dates

Exploit

Jul 15, 2005

Solution

Unknown

Description

By default, many Belkin 54G wireless routers using a default ssid of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system as the routers come preconfigured with remote telnet access enabled.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Change Default Setting
Exploit: Exploit Public

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Ensure that the username and password for the router are immediately changed, and disable remote telnet access.

Products

Belkin International,Inc

Wireless Routers

54g

References

Credit

  • Adrian Pastor - ProCheckUp Ltd


Direct URL: http://osvdb.org/18293