Linksys WAG200G - Information disclosure (fwd)

Robert Boyle robert at
Tue Mar 20 23:08:02 UTC 2007

At 05:48 PM 3/20/2007, you wrote:
>I wonder what their security process is for other types of routers?

Try psirt at


>---------- Forwarded message ----------
>Date: 20 Mar 2007 20:31:01 -0000
>From: dniggebrugge at
>To: bugtraq at
>Subject: Linksys WAG200G - Information disclosure
>Hi there,
>About 2 months ago I bought a wireless ADSL 
>modem/router, the Linksys WAG200G. Just did some 
>basic security checks and to my utter surprise 
>the device responded with about all sensitive information it knows:
>* Product model
>* Password webinterface
>* Username PPPoA
>* Password PPPoA
>* WPA Passphrase
>I notified Linksys, got some regular support 
>questions and was then assured my concerns would 
>be forwarded to the product engineers. Some 
>weeks later I tried again, same message, silence since then.
>My firmware version is 1.01.01, latest available for this type.
>'Technical' info:
>Sent a packet to UDP port 916.
>Answer contains mentioned information.
>(LAN interface and Wireless interface)
>Daniël Niggebrugge

Tellurian Networks - Global Hosting Solutions Since 1995 | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin

More information about the NANOG mailing list