Linksys Router Default Password

Critical Nessus Plugin ID 10999

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote system can be accessed with a default administrator account.

Description

The remote Linksys router accepts the default password 'admin' for the web administration console. This console provides read/write access to the router's configuration. An attacker could take advantage of this to reconfigure the router and possibly re-route traffic.

Solution

Change the password for this account.

Plugin Details

Severity: Critical

ID: 10999

File Name: DDI_Linksys_Router_Default_Password.nasl

Version: Revision: 1.14

Type: remote

Family: CISCO

Published: 2002/06/05

Updated: 2013/12/17

Dependencies: 10107

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Services/www

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508