Routers OEM’d from AMIT have a security flaw that allows the admin page password to be viewed. Details follow:
Requirements:
– Internet Explorer 5.0 or above
– Access to the History folder on the computer that IE is run from
How to View:
Log in to the router, then hold the cursor over the URL in the history file that starts with “logi?RC=”. The tooltip text contains the login password immediately after “&URL=”. (See the screenshot below.)
– The password could not be viewed via the Netscape 4.7 History, or by viewing files in the browser cache.
– Any AMIT-based router that has a framed interface and that uses a web page form field for password entry will have the problem. The problem has been confirmed on the following products:
– It’s been confirmed that an SMC7004ABR (non-AMIT) and a Linksys BEFSR41 DO NOT have the problem. (They use pop-up NT-style login challenge boxes for login.)
Clearing the IE History (Internet Options Control Panel > General Tab) after a router Admin session removes the password information.
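To confirm the clean-up worked, a list of visited URLs (exported from browser history or taken from a proxy log) can be checked for the login URL pattern described above, with the sensitive value redacted in the report. This is an added example, not part of the original advisory; the host name and parameter values are constructed, and it assumes the password is carried as the value of the `URL` query parameter.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample history entries. The host name and all parameter
# values are made up; only the "logi?RC=...&URL=..." shape comes from the page.
SAMPLE_HISTORY = [
    "http://router.example/logi?RC=EXAMPLE&URL=constructed-secret",
    "http://router.example/status.htm",
    "http://router.example/logi?RC=EXAMPLE&URL=",
    "http://www.example.com/search?q=router+manual",
]


def find_exposed_logins(urls):
    """Return (index, redacted_url) for each entry that carries a login value.

    An entry is flagged when its last path segment is "logi", it has an
    "RC" parameter, and its "URL" parameter is non-empty (assumption: that
    value is the admin password, as the tooltip description suggests).
    """
    hits = []
    for index, url in enumerate(urls):
        parts = urlsplit(url)
        if parts.path.rsplit("/", 1)[-1] != "logi":
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)
        has_rc = any(key == "RC" for key, _ in params)
        has_secret = any(key == "URL" and value for key, value in params)
        if not (has_rc and has_secret):
            continue
        # Never echo the secret into a report: replace it before output.
        redacted = [(k, "REDACTED" if k == "URL" else v) for k, v in params]
        safe_url = urlunsplit(parts._replace(query=urlencode(redacted)))
        hits.append((index, safe_url))
    return hits


if __name__ == "__main__":
    for index, safe_url in find_exposed_logins(SAMPLE_HISTORY):
        print(f"entry {index}: password present in history -> {safe_url}")
```

An empty result after clearing the history indicates that no entry of this shape remains in the list that was checked.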