Security Risk: WRV54G QUICKVPN Enables Remote Management

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by justincase, May 21, 2006.

  1. justincase

    justincase LI Guru Member

    I have a WRG54G, and I found out that if you click "save" on the adminstrative page where you change the password, or if you add/edit a qvpn user, it will enable remote management on port 443.

    Test your router by going to https://"your wan address"

    Even if your Admin page says that remote management is disabled it will still bring up the remote management page.

    The only way I have found to fix this is to download the config file, find the line of code in the middle of the file:


    Change the 1 to 0 and then reload the config file.

    I have been on the phone with linksys for a few days, and they say that the 2.39.2 FW they sent me will fix it.
    I will load it up and test tomorrow.
    I guess they open that port for QVPN to negotiate a connection. However it should not enable remote management.

    let me know if anyone else has this problem.

  2. TazUk

    TazUk Network Guru Member

    If you do that from the LAN side of the router it will work, if you try it from somewhere else on the internet it will fail.
  3. justincase

    justincase LI Guru Member

    I tried it from one of my other wan addresses. If I connect with QVPN, access the router and click save on the Password page or edit any of the QVPN users, it will be open for remote management when the router restarts. I have been able to access the router with a completely different WAN addrss, including dialup aol.
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    From what I gather, you have this access "after" you've connected with Qvpn. Based on that, you don't have a security issue. If this could be done "prior" to your connection, then there would be problems.

    You're connecting via vpn; once you do, of course you can bring up any computer/router from your location.

    Linksys is "S-L-O-W" to respond on occasions, but they're not that sloppy with security...

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice