[原文]ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote attacker to manipulate arbitrary router settings. The problem is that the 'auth()' method in 'ezconfig.asp' does not contain an authentication initialization function, which may allow a remote attacker to obtain encrypted configuration information and manipulate arbitrary router settings resulting in a loss of integrity.
Upgrade to firmware 4.20.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.