Linksys Router Debug Credentials (Gemtek / gemtekswd)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

It is possible to log on the remote device with a default password.

Description :

The remote Linksys device accepts hard-coded default credentials
(Gemtek / gemtekswd) on a debug page.

An attacker can run arbitrary commands on this device using this

This flaw is known to affect two firmware versions :

- Linksys WAP54Gv3 3.4.3.(US)
- Linksys WAP54Gv3 3.5.3.(Europe)

See also :

Solution :

This debug account cannot be disabled. Contact the vendor and ask
about a firmware upgrade.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49646 (linksys_debug_gemtek.nasl)

Bugtraq ID: 40648

CVE ID: CVE-2010-1573