| To: | "dniggebrugge@hotmail.com" <dniggebrugge@hotmail.com> |
|---|---|
| Subject: | Re: Linksys WAG200G - Information disclosure |
| From: | "Shawn Merdinger" <shawnmer@gmail.com> |
| Date: | Tue, 20 Mar 2007 14:25:10 -0800 |
| Cc: | bugtraq@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=XtNnIft6U44DroQIkXCZ97CpZw3cBcCRZPx24LvHJ/55zztAQPVySgByUXj4mqZFfJKZ3omfOJVzCPHHxRizwjxzlos/SdgUeFYnyr0ADyDKFs3AQXmrY1a3OW5qUl6E7Ir/yJ2G1xhiSPpbO7vftk4IwViKZAhUKJgiqqRzcdc= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=i+xAb1V0D2z9xJQPvLOvDhDMWWj8pNwyy1kCVxs/2aGpg5a2kynxfJCtFBsrAAdapmwaKXs3l/O9W26ybrV3eT1BvmbcxlkfXA1dDju7A2qJzMLGAgImcRiNKpEVpvapd98tZWiwm20TEydS3sdcDX/4rgMnvIfX6CtOxExwB+w= |
| In-reply-to: | <20070320203101.5201.qmail@securityfocus.com> |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
| References: | <20070320203101.5201.qmail@securityfocus.com> |
Hi, Fyi, there's a "security@linksys.com" alias where you might find more joy than regular customer support. Reference: http://marc.info/?l=vulndiscuss&m=103668488421367&w=2 Thanks, --scm On 20 Mar 2007 20:31:01 -0000, dniggebrugge@hotmail.com <dniggebrugge@hotmail.com> wrote: Hi there, About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: * Product model * Password webinterface * Username PPPoA * Password PPPoA * SSID * WPA Passphrase I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then. My firmware version is 1.01.01, latest available for this type. 'Technical' info: Sent a packet to UDP port 916. Answer contains mentioned information. (LAN interface and Wireless interface) Greetings, Daniël Niggebrugge |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [ GLSA 200703-23 ] WordPress: Multiple vulnerabilities, Raphael Marichez |
|---|---|
| Next by Date: | [ GLSA 200703-21 ] PHP: Multiple vulnerabilities, Raphael Marichez |
| Previous by Thread: | Linksys WAG200G - Information disclosure, dniggebrugge |
| Next by Thread: | Re: Linksys WAG200G - Information disclosure, Bartłomiej Ochman |
| Indexes: | [Date] [Thread] [Top] [All Lists] |