| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Mar 2007 14:25:10 -0800 From: "Shawn Merdinger" <shawnmer@...il.com> To: "dniggebrugge@...mail.com" <dniggebrugge@...mail.com> Cc: bugtraq@...urityfocus.com Subject: Re: Linksys WAG200G - Information disclosure Hi, Fyi, there's a "security@...ksys.com" alias where you might find more joy than regular customer support. Reference: http://marc.info/?l=vulndiscuss&m=103668488421367&w=2 Thanks, --scm On 20 Mar 2007 20:31:01 -0000, dniggebrugge@...mail.com <dniggebrugge@...mail.com> wrote: > Hi there, > > About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: > > * Product model > * Password webinterface > * Username PPPoA > * Password PPPoA > * SSID > * WPA Passphrase > > I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then. > > My firmware version is 1.01.01, latest available for this type. > > 'Technical' info: > Sent a packet to UDP port 916. > Answer contains mentioned information. > (LAN interface and Wireless interface) > > Greetings, > Daniƫl Niggebrugge >
Powered by blists - more mailing lists