Linksys WAG200G - Information disclosure (fwd)
robert at tellurian.com
Tue Mar 20 23:08:02 UTC 2007
At 05:48 PM 3/20/2007, you wrote:
>I wonder what their security process is for other types of routers?
Try psirt at cisco.com
>---------- Forwarded message ----------
>Date: 20 Mar 2007 20:31:01 -0000
>From: dniggebrugge at hotmail.com
>To: bugtraq at securityfocus.com
>Subject: Linksys WAG200G - Information disclosure
>About 2 months ago I bought a wireless ADSL
>modem/router, the Linksys WAG200G. Just did some
>basic security checks and to my utter surprise
>the device responded with about all sensitive information it knows:
>* Product model
>* Password webinterface
>* Username PPPoA
>* Password PPPoA
>* WPA Passphrase
>I notified Linksys, got some regular support
>questions and was then assured my concerns would
>be forwarded to the product engineers. Some
>weeks later I tried again, same message, silence since then.
>My firmware version is 1.01.01, latest available for this type.
>Sent a packet to UDP port 916.
>Answer contains mentioned information.
>(LAN interface and Wireless interface)
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
More information about the NANOG