Re: Linksys WAG200G - Information disclosure
Hi,
Fyi, there's a "security@linksys.com" alias where you might find more
joy than regular customer support.
Reference: http://marc.info/?l=3Dvulndiscuss&m=3D103668488421367&w=3D2
Thanks,
--scm
On 20 Mar 2007 20:31:01 -0000, dniggebrugge@hotmail.com
<dniggebrugge@hotmail.com> wrote:
> Hi there,
>
> About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG=
200G. Just did some basic security checks and to my utter surprise the devi=
ce responded with about all sensitive information it knows:
>
> * Product model
> * Password webinterface
> * Username PPPoA
> * Password PPPoA
> * SSID
> * WPA Passphrase
>
> I notified Linksys, got some regular support questions and was then assur=
ed my concerns would be forwarded to the product engineers. Some weeks late=
r I tried again, same message, silence since then.
>
> My firmware version is 1.01.01, latest available for this type.
>
> 'Technical' info:
> Sent a packet to UDP port 916.
> Answer contains mentioned information.
> (LAN interface and Wireless interface)
>
> Greetings,
> Dani=EBl Niggebrugge
>
討論串 (同標題文章)
完整討論串 (本文為第 2 之 4 篇):