CVE-2004-2606

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

Affected (2)

Products: Linksys: Befsr41 V3, Wrt54g

Linksys

2 products

Befsr41 V3

Wrt54g

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Linksys Befsr41 V3	All versions
Linksys Wrt54g	Version 2.02.7

References (26)

ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip (unsafe URL)

Source: cve@mitre.org

Patch

http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html

Source: cve@mitre.org

http://secunia.com/advisories/11754

Source: cve@mitre.org

PatchVendor Advisory

http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201

Source: cve@mitre.org

Patch

http://www.nwfusion.com/news/2004/0607confuse.html

Source: cve@mitre.org

http://www.osvdb.org/6577

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/365175

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/365227/30/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/10441

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/16274

Source: cve@mitre.org

ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip (unsafe URL)