A serious remote access vulnerability in Cisco’s Linksys WAP610N wireless access points has been disclosed on the Full Disclosure mailing list and a well-known exploits database web site. By using telnet to connect to a specific port on the access point, an attacker can gain unauthenticated root access. The disclosure also reveals that the router's default root password, cracked from the shadow password file, is far too short and simple. This password is not the same as the default admin password used for the administrative web page.

This inexpensive access point is commonly used in small office/home office (SOHO) environments but may also be present in some larger enterprises. The discloser claims to have notified the vendor in June of 2010 and states that no patch is currently available. At the time of disclosure, the latest firmware available from the Cisco site was version 1.0.01 (build 94), released on 02/22/2010.

Owners of these routers are strongly urged to block all traffic to this router on TCP port 1111, block access to the management web pages from remote locations, change all passwords to strong, secure ones, and update to the latest firmware as soon as it becomes available from the vendor.
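To confirm that the filtering recommended above is in effect, the following added example (not part of the original advisory) checks from a chosen vantage point whether your own access points still accept TCP connections on port 1111 or on the management web ports. The function names are hypothetical, and ports 80 and 443 for the web interface are an assumption.

```python
import socket

# TCP 1111 comes from the advisory text. Ports 80 and 443 for the
# management web pages are an assumption made for this example.
CONSOLE_PORT = 1111
ASSUMED_WEB_PORTS = (80, 443)


def tcp_state(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The device answered with a reset: nothing is listening.
        return "closed"
    except OSError:
        # Timeout or unreachable: a filter is most likely dropping traffic.
        return "filtered"


def audit(hosts, ports=(CONSOLE_PORT,) + ASSUMED_WEB_PORTS, timeout=2.0):
    """Map each host to the observed state of every checked port."""
    return {
        host: {port: tcp_state(host, port, timeout) for port in ports}
        for host in hosts
    }


def still_exposed(findings):
    """List (host, port) pairs that are reachable and still need a block rule."""
    return sorted(
        (host, port)
        for host, states in findings.items()
        for port, state in states.items()
        if state == "open"
    )


if __name__ == "__main__":
    import sys

    # Usage: python check_ap.py <access point address> [...]
    for host, port in still_exposed(audit(sys.argv[1:])):
        print(f"{host}: TCP {port} is reachable from this network segment")
```

Run it once from inside the LAN and once from a remote location; after the block rules are applied, neither run should report port 1111.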
http://seclists.org/fulldisclosure/2011/Feb/228
http://www.exploit-db.com/exploits/16149/
http://www.securenetwork.it/ricerca/advisory/download/SN-2010-08.txt
http://www.linksysbycisco.com