Re: Linksys WAG200G - Information disclosure
A new 1.01.04 firmware for the Linksys WAG200G seems to correct this security problem. Firmware 1.01.04 (04/04/2007) : - Fixes issue with incorrect upstream/downstream transmit power display on DSL Connection page - Fixes issue with ATT VPN client not connecting to ATT VPN network - Fixes issue with Security information disclosure for UDP port scan packet
Re: Linksys WAG200G - Information disclosure
[EMAIL PROTECTED] wrote: Hi there, About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: [...] My firmware version is 1.01.01, latest available for this type. It works the same with WRT54GC v2 with (latest) firmware 1.00.7. Regards, BO
Linksys WAG200G - Information disclosure
Hi there, About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: * Product model * Password webinterface * Username PPPoA * Password PPPoA * SSID * WPA Passphrase I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then. My firmware version is 1.01.01, latest available for this type. 'Technical' info: Sent a packet to UDP port 916. Answer contains mentioned information. (LAN interface and Wireless interface) Greetings, Daniël Niggebrugge
Re: Linksys WAG200G - Information disclosure
Hi, Fyi, there's a [EMAIL PROTECTED] alias where you might find more joy than regular customer support. Reference: http://marc.info/?l=vulndiscussm=103668488421367w=2 Thanks, --scm On 20 Mar 2007 20:31:01 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi there, About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: * Product model * Password webinterface * Username PPPoA * Password PPPoA * SSID * WPA Passphrase I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then. My firmware version is 1.01.01, latest available for this type. 'Technical' info: Sent a packet to UDP port 916. Answer contains mentioned information. (LAN interface and Wireless interface) Greetings, Daniël Niggebrugge
