WRV54G enabling syslog enables security issue

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by JonAlthoff, Apr 24, 2004.

  1. JonAlthoff

    JonAlthoff Network Guru Member

    WRV54G firmware revisions 2.21 and 2.52.2 (not sure about others). If you enable syslog you will then be able to access the routers configuration with NO username and No password. I beleive it will also allow remote access to the router whether or not remote management is enabled. Only fix is to do a hardware reset and not enable the syslog. I had a Linksys tech access the router from 5 different computers while on the phone with support.
  2. Fltsimbuff

    Fltsimbuff Network Guru Member


    I'll post this here too just in case...

    I was able to fix this after enabling syslog on my WRV54G... Here is

    1. Goto Config management and download the config.

    2. Open it in wordpad to edit.

    3. Search for your router username.... you should come to this

    (username([your username]))
    (password([password hash]))
    # (1
    # (notify_level
    # (0(15))
    # (1(15))
    # )
    # (email())
    # )


    Next, remove the lines I marked with the #'s... This is a null admin
    user that seems to get added whenever the syslog setting is changed.
    Be careful not to change the info for user 0 (your admin user/pass)

    You could probably also add your own additional users like this,
    maybe even giving some read only permissions from the looks of it...
    anyway, continuing on...

    Save the file, and go back to Config management, and load it into the

    The router will reboot, and the null password/user should no longer
    work. Syslog can still be enabled, I have not tested this to see if
    it breaks syslog though.

    I hope this works for everyone. Let me know if you have any questions.
  3. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Re: Fix


    Thanks very much. Worked like a charm and I'm much happier that my secure gateway is indeed secure! I really like the detailed syslog feature and was annoyed that I couldn't do both remote admin *and* syslog.

  4. eldk

    eldk Network Guru Member

    I have tried it (firmware 2.25.2).

    It's only when you enable remote administration that a new user is create with no login and no password.

    I've done has describe below to removed this "anonymous" user and now it is fixed.

    Is there someone who feedback linksys tech ?

  5. Fltsimbuff

    Fltsimbuff Network Guru Member


    I emailed and chatted, and called Linksys a long time ago about the issue (around May 4th). At first after I explained the whole issue, they sent an email back telling me what the default username and password is, and how to log in.

    Thanks Linksys.

    Finally got them to see the issue... Had them try to log into mine when I was speaking to a guy on the phone... he said he would send it off to the software engineers.
  6. JonAlthoff

    JonAlthoff Network Guru Member

    They've known about it since before my original post in April. The Linksys Tech accessed my router from 5 different computers without a username and password.
  7. Fltsimbuff

    Fltsimbuff Network Guru Member


    Yeah... that makes it worse.... and even worse still is the fact I handed the solution to them practically on a silver platter, yet they still have not done anything about it.

    By the way... are you the one that originally found the bug? (as far as we know)... I never got to properly thank whoever did... because I had my router open like that until I read about it.
  8. JonAlthoff

    JonAlthoff Network Guru Member

    I don't think I found the problem. I think I am the one who found the cause of it neing the enabling of the syslog. I was going back through my emails in the Yahoo! WRV54G group to see who found out how to remove the blank username and password and found out who it was... Fltsimbuff. If you still have them in your email you could check them or check them from the Yahoo! group site.


    Oh yeah, Then I read the above messages and found the solution much quicker.
  9. svg1

    svg1 Network Guru Member

    Im able to log into my router with no username or password when using 2.21 with remote admin & syslog disabled . I did have the email log feature enabled though .

    Never tried it with the email feature disabled . I have tried every version except 2.37.13 & im only able to login with no username or password using 2.21us or eu versions.
  10. svg1

    svg1 Network Guru Member

    Re: Fix

    Tryed this config edit on firmware 2.10 & yes the email log & syslog features do work after making the changes . :D

    I did some testing and have found that even if you dont make any changes on the log page & hit save that it adds the entry above which causes the no username /password issue .

    The fix posted by Fltsimbuff does work but be aware if you hit save on the log page even after editing the config the bad code will then be added again .

    So if you want the log feature to work without the security issue , enable the log first & enter all required info , dowload the config file , edit & save then load back onto the wrv . :thumb:
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice