Linksys WRT54G vulnerabilities

As reported by iDefense, there are several problems in multiple versions of the firmware for Linksys’s WRT54G:
1. Authentication problem in setup page
2. Buffer overflow in apply.cgi allows an attacker to take action as administrator
3. The restore.cgi portion of the web interface will accept unauthenticated restore commands and apply them at next boot.
4. Unauthenticated upgrade of the firmware. An attacker could replace the firmware with their own code.
5. Input validation may allow denial of service of the device.
Workaround
The quick workaround for this is to make sure that the Linksys administrator site on your router cannot be accessed over your wireless network.
• Connect to the web interface, typically at http://192.168.1.1/
• Go to the Administration page
• Select ‘Disable’ next to ‘Wireless Access Web’
• Click the ‘Save Settings’ button.
Of course a malicious attacker on your internal wired network could still get you, but theoretically you have more control over where you live than where your wireless signal may reach.
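To confirm the workaround took effect, the check below can be run from a machine connected to the router only over wireless. It is an added example, not part of the original post or any Linksys tooling; the function name is hypothetical, and port 80 over plain HTTP is an assumption based on the URL in the steps above.

```python
import http.client
import socket

ROUTER_HOST = "192.168.1.1"  # typical address from the steps above
ROUTER_PORT = 80             # assumption: interface served over plain HTTP


def check_admin_interface(host=ROUTER_HOST, port=ROUTER_PORT, timeout=3.0):
    """Probe the router web interface; return (status, detail).

    status is "exposed", "blocked" or "inconclusive".
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()
    except ConnectionRefusedError:
        return "blocked", f"{host}:{port} refused the connection"
    except (socket.timeout, TimeoutError):
        return "blocked", f"no answer from {host}:{port} within {timeout}s"
    except OSError as exc:
        # e.g. no route to host: this machine may not be on the router's network.
        return "inconclusive", f"could not test {host}:{port} ({exc})"
    # The TCP connection succeeded, so the interface is reachable from here.
    # Any HTTP status counts, including a 401 login prompt, because the
    # problems listed above include unauthenticated requests.
    try:
        conn.request("GET", "/")
        detail = f"HTTP {conn.getresponse().status}"
    except (OSError, http.client.HTTPException) as exc:
        detail = f"port open, no clean HTTP reply ({exc!r})"
    finally:
        conn.close()
    return "exposed", f"{detail} from {host}:{port}"


if __name__ == "__main__":
    status, detail = check_admin_interface()
    print(f"{status}: {detail}")
    if status == "exposed":
        print("Web interface still answers on this network; recheck the setting.")
```

A "blocked" result is only meaningful while the machine is associated with the router's wireless network; run from a wired port, "exposed" is the expected result.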
Recommended action: check the Linksys support site for an upgrade to your router firmware.