Linksys Router Debug Credentials (Gemtek / gemtekswd)

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

It is possible to log on the remote device with a default password.

Description :

The remote Linksys device accepts hard-coded default credentials
(Gemtek / gemtekswd) on a debug page.

An attacker can run arbitrary commands on this device using this
account.

This flaw is known to affect two firmware versions :

- Linksys WAP54Gv3 3.4.3.(US)
- Linksys WAP54Gv3 3.5.3.(Europe)

See also :

http://www.nessus.org/u?5d5ffb8d
http://www.icysilence.org/?p=268
http://tools.cisco.com/security/center/viewAlert.x?alertId=20682
http://downloads.linksysbycisco.com/downloads/wap54g_fw_ver30806.txt

Solution :

This debug account cannot be disabled. Contact the vendor and ask
about a firmware upgrade.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49646 (linksys_debug_gemtek.nasl)

Bugtraq ID: 40648

CVE ID: CVE-2010-1573