http://blogs.zdnet.com/security/?p=4702&tag=nl.e550

Newsworthy in Technology News? I kinda thought so. Also a kind of warning, methinks.

What I dont understand is if this trick works from the WAN or LAN? Even though its trivial to crack WEP and access the router you still need to be in range.

It looks like the lan, but my parents had this router initially and the range was always pretty good - if you could get to the street outside the house, you could easily get signal and an IP address (considering the lock down was WEP only). If you could crack WEP (didn't take long either) you could get to the web page and simply change everything. It is a pretty harmless hack (they have reset buttons, etc, so if you got locked out you could reset it), but it would be pretty annoying at the least.

Suffice to say when I heard about this I sent them a Linksys router running tomato, and got them set up pretty quickly. The fact this "hole" existed on an SMC device doesn't surprise me, nor that TW likely knew about this but shipped them anyway because they were cheap.