I could easily be wrong, but my sense is that back door might be there intentionally for service personnel to recover a locked out router? If so, I imagine Linksys et al will not be happy about this report. Although it's also a bit surprising it wasn't already known if this were the case.
I recently got a free used Linksys wireless router and downloaded the latest vendor firmware for it (dd-wrt still to come). As part of the download process you're supposed to read and agree to an EULA. I just skimmed it, but I noticed there was a bit about agreeing not to dis-assemble anything.
I hope the Linksys lawyers won't be going after the hacker. Maybe the fact that there is a vulnerability in their systems, whatever the intent of it, would make that too much of a public relations disaster for them to pursue.
|