The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zip
archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
secunia.com/advisories/11754
web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201
www.nwfusion.com/news/2004/0607confuse.html
www.osvdb.org/6577
www.securityfocus.com/archive/1/365175
www.securityfocus.com/archive/1/365227/30/0/threaded
www.securityfocus.com/bid/10441
exchange.xforce.ibmcloud.com/vulnerabilities/16274