CVE-2005-2914

Name of the Vulnerable Software and Affected Versions Linksys WRT54G router versions 2.04.4, 3.01.03, 3.03.6

Description The issue allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration, due to the lack of an authentication initialization function in the ezconfig.asp file.

Recommendations For version 2.04.4, consider applying a non-default configuration to mitigate the risk. For versions 3.01.03 and 3.03.6, restrict access to the ezconfig.asp file until a fix is available. As a temporary workaround, consider disabling remote access to the configuration interface until the issue is resolved.