PT-2002-2873 · Linksys · Linksys Etherfast Cable/Dsl

Published

2002-12-31

Updated

2017-07-12

CVE-2002-2159

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linksys EtherFast Cable/DSL versions BEFSR11, BEFSR41, and BEFSRU31 with firmware 1.42.7

Description: The issue allows remote attackers to gain access to the device by opening TCP port 5678 for remote administration, even when the "Block WAN" and "Remote Admin" options are disabled.

Recommendations: For Linksys EtherFast Cable/DSL versions BEFSR11, BEFSR41, and BEFSRU31 with firmware 1.42.7, consider disabling remote administration as a temporary workaround until a patch is available. Restrict access to TCP port 5678 to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-2159

Affected Products

Linksys Etherfast Cable/Dsl

PT-2002-2873 · Linksys · Linksys Etherfast Cable/Dsl

CVE-2002-2159

Related Identifiers

Affected Products

References · 4