Linksys WAG200G - Information disclosure (fwd)
I wonder what their security process is for other types of routers?

---------- Forwarded message ----------
Date: 20 Mar 2007 20:31:01 -0000
From: dniggebrugge@hotmail.com
To: bugtraq@securityfocus.com
Subject: Linksys WAG200G - Information disclosure

Hi there,

About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows:

* Product model
* Password webinterface
* Username PPPoA
* Password PPPoA
* SSID
* WPA Passphrase

I notified Linksys, got some regular support questions and was then assured my concerns would be forwarded to the product engineers. Some weeks later I tried again, same message, silence since then.

My firmware version is 1.01.01, latest available for this type.

'Technical' info:
Sent a packet to UDP port 916. Answer contains mentioned information. (LAN interface and Wireless interface)

Greetings,
Daniël Niggebrugge
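A defensive check for the behaviour reported above, as an added example that is not part of the original posts: it reads `tcpdump -n udp` text output and lists LAN devices that replied to a datagram sent to UDP port 916. The capture lines, addresses and lengths are constructed sample data, and the function name is hypothetical.

```python
import re
from collections import defaultdict

PORT = 916  # UDP port named in the report

# Constructed sample in `tcpdump -n udp` text format (not a real capture).
SAMPLE = """\
12:00:01.100000 IP 192.168.1.50.40000 > 192.168.1.1.916: UDP, length 4
12:00:01.103000 IP 192.168.1.1.916 > 192.168.1.50.40000: UDP, length 312
12:00:02.000000 IP 192.168.1.50.40001 > 192.168.1.20.916: UDP, length 4
12:00:03.000000 IP 192.168.1.50.53124 > 192.168.1.1.53: UDP, length 33
12:00:03.010000 IP 192.168.1.1.53 > 192.168.1.50.53124: UDP, length 49
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"UDP, length (\d+)"
)

def find_responders(capture_text, port=PORT):
    """Return {device_ip: [(client_ip, request_len, reply_len), ...]} for
    every device that answered a datagram sent to `port`."""
    pending = {}               # (client, client_port, device) -> request length
    hits = defaultdict(list)
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue           # skip non-UDP or unparsable lines
        src, sport, dst, dport, length = m.groups()
        sport, dport, length = int(sport), int(dport), int(length)
        if dport == port:
            # Request towards the port: remember it until a reply shows up.
            pending[(src, sport, dst)] = length
        elif sport == port:
            # Reply from the port: count it only if it matches a request.
            req_len = pending.pop((dst, dport, src), None)
            if req_len is not None:
                hits[src].append((dst, req_len, length))
    return dict(hits)

if __name__ == "__main__":
    for device, exchanges in find_responders(SAMPLE).items():
        for client, req_len, reply_len in exchanges:
            print(f"{device} answered {client} on udp/{PORT}: "
                  f"{req_len}-byte request, {reply_len}-byte reply")
```

A device listed here is answering on the port from the side of the network where the capture was taken, so run it against captures from both the wired LAN and the wireless side.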
At 05:48 PM 3/20/2007, you wrote:
I wonder what their security process is for other types of routers?
Try psirt@cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h...

-Robert
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin
Robert Boyle <robert@tellurian.com> [2007-03-20 19:11] wrote:
At 05:48 PM 3/20/2007, you wrote:
I wonder what their security process is for other types of routers?
Try psirt@cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h...
-Robert
Thanks Robert.

Linksys' product security folks can also be reached directly at security@linksys.com. Feel free to copy us on any vulnerability reports and we can help to ensure that the right folks have received the report to address any issues.

-Mike-

-- 
Mike Caudill <mcaudill@cisco.com>
PSIRT Incident Manager
DSS PGP: 0xEBBD5271
+1.919.392.2855 / +1.919.522.4931 (cell)
http://www.cisco.com/go/psirt
On Wed, 21 Mar 2007, Mike Caudill wrote:
Thanks Robert.
Linksys' product security folks can also be reached directly at security@linksys.com. Feel free to copy us on any vulnerability reports and we can help to ensure that the right folks have received the report to address any issues.
-Mike-
Knowing PSIRT is available to handle these issues for Linksys is very reassuring.

Thanks Mike.

Gadi.
Karin and I have just completed a little test, in case you own such a router.

On the IASON homepage

http://iason.site.voila.fr

scroll down, look for the picture of the two pirates and click

Port 916 Backdoor

The file udp916.tgz contains Makefile and sources for "test916 <router name or ip>" and, in case your router does not answer port 916 udp, a little server "server-916".

The server must be run as root. It will terminate after the first test from the client, telling you at least the query from the client and the name and ip-addresses.

Enjoy
Peter and Karin Dambier

Robert Boyle wrote:
At 05:48 PM 3/20/2007, you wrote:
I wonder what their security process is for other types of routers?
Try psirt@cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h...
-Robert
-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
participants (4): Gadi Evron, Mike Caudill, Peter Dambier, Robert Boyle