Linksys WAG200G - Information disclosure (fwd)

• Previous message (by thread): Linksys WAG200G - Information disclosure (fwd)
• Next message (by thread): Hardware Search
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Karin and me have just completed a little test, in case you own such a router.

On the IASON homepage

http://iason.site.voila.fr

scroll down, look for the picture of the two pirates and klick

Port 916 Backdoor

the file

udp916.tgz

contains Makefile and sources for "test916 <router name or ip>" and
in case your router does not answer port 916 udp a little server
"server-916". The server must be run as root. It will terminate
after the first test from the client, telling you at least the
query from the client and the name and ip-addresses.

Enjoy
Peter and Karin Dambier


Robert Boyle wrote:
> 
> At 05:48 PM 3/20/2007, you wrote:
> 
>> I wonder what their security process is for other types of routers?
> 
> 
> Try psirt at cisco.com
> 
> http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#Problems 
> 
> 
> -Robert
> 
> 
>> ---------- Forwarded message ----------
>> Date: 20 Mar 2007 20:31:01 -0000
>> From: dniggebrugge at hotmail.com
>> To: bugtraq at securityfocus.com
>> Subject: Linksys WAG200G - Information disclosure
>>
>> Hi there,
>>
>> About 2 months ago I bought a wireless ADSL modem/router, the Linksys 
>> WAG200G. Just did some basic security checks and to my utter surprise 
>> the device responded with about all sensitive information it knows:
>>
>> * Product model
>> * Password webinterface
>> * Username PPPoA
>> * Password PPPoA
>> * SSID
>> * WPA Passphrase
>>
>> I notified Linksys, got some regular support questions and was then 
>> assured my concerns would be forwarded to the product engineers. Some 
>> weeks later I tried again, same message, silence since then.
>>
>> My firmware version is 1.01.01, latest available for this type.
>>
>> 'Technical' info:
>> Sent a packet to UDP port 916.
>> Answer contains mentioned information.
>> (LAN interface and Wireless interface)
>>
>> Greetings,
>> Daniël Niggebrugge
> 
> 
> Tellurian Networks - Global Hosting Solutions Since 1995
> http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
> "Well done is better than well said." - Benjamin Frankli
> n


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/

• Previous message (by thread): Linksys WAG200G - Information disclosure (fwd)
• Next message (by thread): Hardware Search
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]