yes negative, i did spell defaults incorrectly in my "exploit" (if that's what you want to call it).
So that might be the problem... but i'm still just a newbie... i need to go download the source code from linksys again.

one more little thing negative, you might have overlooked this in your link... but there should be a ? between cgi and sysPasswd, like this: cgi?sysPasswd

and trying it with defaults spelled correctly has the same effect. So it's just some buffer overrun, right?