[95427] in North American Network Operators' Group
Linksys WAG200G - Information disclosure (fwd)
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Mar 20 17:49:49 2007
Date: Tue, 20 Mar 2007 16:48:19 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
I wonder what their security process is for other types of routers?
---------- Forwarded message ----------
Date: 20 Mar 2007 20:31:01 -0000
From: dniggebrugge@hotmail.com
To: bugtraq@securityfocus.com
Subject: Linksys WAG200G - Information disclosure
Hi there,
About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG20=
0G. Just did some basic security checks and to my utter surprise the device=
responded with about all sensitive information it knows:
* Product model
* Password webinterface
* Username PPPoA
* Password PPPoA
* SSID
* WPA Passphrase
I notified Linksys, got some regular support questions and was then assured=
my concerns would be forwarded to the product engineers. Some weeks later =
I tried again, same message, silence since then.
My firmware version is 1.01.01, latest available for this type.
'Technical' info:
Sent a packet to UDP port 916.
Answer contains mentioned information.
(LAN interface and Wireless interface)
Greetings,
Dani=EBl Niggebrugge
