Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Linksys Router Default Password

🗓️ 03 Nov 2005 00:00:00Reported by This script is Copyright (C) 2002 Digital Defense Inc.Type 
openvas
 openvas🔗 plugins.openvas.org👁 23 Views

Linksys Router web administration console default password vulnerabilit

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		3Com Superstack 3 Switch Multiple Default Accounts
29 Aug 200100:00
nessus
Tenable Nessus		Cisco Multiple Devices Unpassworded Account
7 Sep 200100:00
nessus
Tenable Nessus		Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
3 Jun 200500:00
nessus
Tenable Nessus		Cayman DSL Router Unauthenticated Access
12 Mar 200000:00
nessus
Tenable Nessus		Shiva LanRover Blank Password
5 Jun 200200:00
nessus
Tenable Nessus		Linksys Router Default Password
5 Jun 200200:00
nessus
Tenable Nessus		Enhydra Multiserver Default Password
22 Jan 200300:00
nessus
Tenable Nessus		MikroTik RouterOS with Blank Password (telnet check)
11 Feb 200800:00
nessus
Tenable Nessus		Apache Tomcat Default Accounts
22 Jan 200300:00
nessus
Tenable Nessus		PostgreSQL Default Unpassworded Account
27 Jul 200000:00
nessus
Rows per page
# OpenVAS Vulnerability Test
# $Id: DDI_Linksys_Router_Default_Password.nasl 6040 2017-04-27 09:02:38Z teissa $
# Description: Linksys Router Default Password
#
# Authors:
# Forrest Rae <[email protected]>
#
# Copyright:
# Copyright (C) 2002 Digital Defense Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "This Linksys Router has the default password 
set for the web administration console. 
This console provides read/write access to the
router's configuration. An attacker could take
advantage of this to reconfigure the router and 
possibly re-route traffic.";

tag_solution = "Please assign the web administration
          console a difficult to guess password.";

if(description)
{
	script_id(10999);
	script_version("$Revision: 6040 $");
	script_tag(name:"last_modification", value:"$Date: 2017-04-27 11:02:38 +0200 (Thu, 27 Apr 2017) $");
	script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
    script_tag(name:"cvss_base", value:"4.6");
    script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
	script_cve_id("CVE-1999-0508");
	name = "Linksys Router Default Password";
	script_name(name);
	summary = "Linksys Router Default Password";
	script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_active");
	script_copyright("This script is Copyright (C) 2002 Digital Defense Inc.");
	family = "General";
	script_family(family);
	script_dependencies("find_service.nasl");
	script_require_ports("Services/www", 80);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
	exit(0);
}

#
# The script code starts here
#
include("http_func.inc");

port = get_http_port(default:80);

if (!get_port_state(port))port = 8080;

if(get_port_state(port))
{
	soc = open_sock_tcp(port);
	if (soc)
	{
	
		# HTTP auth = ":admin"
		# req = string("GET / HTTP/1.0\r\nAuthorization: Basic OmFkbWlu\r\n\r\n");
		
		# HTTP auth = "admin:admin"
		req = string("GET / HTTP/1.0\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\n\r\n");
		
		# Both work, second is used to be RFC compliant.
		
		send(socket:soc, data:req);
		buf = http_recv(socket:soc);
		
		close(soc);
		if (("Status.htm" >< buf) && ("DHCP.htm" >< buf) && ("Log.htm" >< buf) && ("Security.htm" >< buf) ||
		    ("next_file=Setup.htm" >< buf && "Checking JavaScript Support" >< buf) #WAG120N
		    )
		{
			security_message(port:port);
		}
	}
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Nov 2005 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.46253
linksysrouteradministrationconsoledefault passwordvulnerability
23
.json
Report