Linksys WRT54GS Wireless Authentication Bypass Vulnerability

Linksys WRT54GS Wireless Authentication Bypass Vulnerability

Linksys WRT54GS is prone to an authentication bypass vulnerability. Reportedly the device permits client devices that are using no encryption to connect when an encryption setting is being used.

An attacker can exploit this vulnerability to bypass authentication and connect to a wireless network thought to be encrypted. This results in a false sense of security.

This issue is reported to affect firmware version 4.50.6; other firmware versions may also be affected.

This issue also appears to have been addressed in firmware version 4.70.6; this has not been confirmed by Symantec or the vendor.

Further information suggests this issue occurs when a firmware upgrade to version 4.50.6 has occurred but the unit has not been reset to factory defaults. Resetting the unit once the firmware has been upgraded is part of the recommended Linksys upgrade procedure.