Linksys WAG200G - Information disclosure (fwd)
Robert Boyle
robert at tellurian.com
Tue Mar 20 23:08:02 UTC 2007
At 05:48 PM 3/20/2007, you wrote:
>I wonder what their security process is for other types of routers?
Try psirt at cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#Problems
-Robert
>---------- Forwarded message ----------
>Date: 20 Mar 2007 20:31:01 -0000
>From: dniggebrugge at hotmail.com
>To: bugtraq at securityfocus.com
>Subject: Linksys WAG200G - Information disclosure
>
>Hi there,
>
>About 2 months ago I bought a wireless ADSL
>modem/router, the Linksys WAG200G. Just did some
>basic security checks and to my utter surprise
>the device responded with about all sensitive information it knows:
>
>* Product model
>* Password webinterface
>* Username PPPoA
>* Password PPPoA
>* SSID
>* WPA Passphrase
>
>I notified Linksys, got some regular support
>questions and was then assured my concerns would
>be forwarded to the product engineers. Some
>weeks later I tried again, same message, silence since then.
>
>My firmware version is 1.01.01, latest available for this type.
>
>'Technical' info:
>Sent a packet to UDP port 916.
>Answer contains mentioned information.
>(LAN interface and Wireless interface)
>
>Greetings,
>Daniël Niggebrugge
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
More information about the NANOG
mailing list