North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Linksys WAG200G - Information disclosure (fwd)

  • From: Robert Boyle
  • Date: Tue Mar 20 19:11:07 2007


At 05:48 PM 3/20/2007, you wrote:
I wonder what their security process is for other types of routers?

Try [email protected]


http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#Problems

-Robert


---------- Forwarded message ----------
Date: 20 Mar 2007 20:31:01 -0000
From: [email protected]
To: [email protected]
Subject: Linksys WAG200G - Information disclosure

Hi there,

About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows:

* Product model
* Password webinterface
* Username PPPoA
* Password PPPoA
* SSID
* WPA Passphrase

I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then.

My firmware version is 1.01.01, latest available for this type.

'Technical' info:
Sent a packet to UDP port 916.
Answer contains mentioned information.
(LAN interface and Wireless interface)

Greetings,
Daniël Niggebrugge

Tellurian Networks - Global Hosting Solutions Since 1995 http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 "Well done is better than well said." - Benjamin Franklin