Secunia Security Advisory - A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information.
6a8c32c0ae561b45df40bb096ebfbf6f908e238729167807e34b5c73d5a913c4
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
http://secunia.com/Linux_Security_Specialist/
----------------------------------------------------------------------
TITLE:
Linksys Products Information Disclosure Security Issue
SECUNIA ADVISORY ID:
SA24658
VERIFY ADVISORY:
http://secunia.com/advisories/24658/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information
WHERE:
>From local network
OPERATING SYSTEM:
Linksys WAG200G
http://secunia.com/product/13810/
Linksys WRT54GC
http://secunia.com/product/13808/
DESCRIPTION:
A security issue has been reported in various Linksys products, which
can be exploited to disclose certain sensitive information.
The problem is that it is possible to disclose certain information
e.g. the product model, the web interface password, the PPPoA
username, the PPPoA password, the SSID, and the WPA passphrase by
sending a UDP packet to port 916 of the device.
The security issue is reported in WAG200G with firmware 1.01.03 and
earlier, WRT54GC v1 with firmware 1.03.0 and earlier, and WRT54GC v2
with firmware 1.00.7 and earlier.
SOLUTION:
The vendor expects to release new firmware versions by 06-04-2007.
PROVIDED AND/OR DISCOVERED BY:
Daniel Niggebrugge, additional information by Bartomiej Ochman
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------