Linksys WAG200G - Information disclosure (fwd)

Robert Boyle robert at tellurian.com
Tue Mar 20 23:08:02 UTC 2007


At 05:48 PM 3/20/2007, you wrote:
>I wonder what their security process is for other types of routers?

Try psirt at cisco.com

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#Problems

-Robert


>---------- Forwarded message ----------
>Date: 20 Mar 2007 20:31:01 -0000
>From: dniggebrugge at hotmail.com
>To: bugtraq at securityfocus.com
>Subject: Linksys WAG200G - Information disclosure
>
>Hi there,
>
>About 2 months ago I bought a wireless ADSL 
>modem/router, the Linksys WAG200G. Just did some 
>basic security checks and to my utter surprise 
>the device responded with about all sensitive information it knows:
>
>* Product model
>* Password webinterface
>* Username PPPoA
>* Password PPPoA
>* SSID
>* WPA Passphrase
>
>I notified Linksys, got some regular support 
>questions and was then assured my concerns would 
>be forwarded to the product engineers. Some 
>weeks later I tried again, same message, silence since then.
>
>My firmware version is 1.01.01, latest available for this type.
>
>'Technical' info:
>Sent a packet to UDP port 916.
>Answer contains mentioned information.
>(LAN interface and Wireless interface)
>
>Greetings,
>Daniël Niggebrugge

Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin




More information about the NANOG mailing list