Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability

Bugtraq ID:	23063
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 20 2007 12:00AM
Updated:	Apr 19 2007 05:11PM
Credit:	Daniel Niggebrugge is credited with the discovery of this vulnerability.
Vulnerable:	Linksys WRT54GC v2.0 1.0.7 (Firmware) Linksys WAG200G 1.1.1
Not Vulnerable:

Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability

Linksys WAG200G is prone to a vulnerability that may disclose sensitive information.

An attacker can exploit this issue to retrieve sensitive information that may aid in further attacks.

This issue affects firmware version 1.01.01; other versions may also be vulnerable.

Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability

An attacker can use standard networking tools to exploit this issue.

Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability

Solution:
Reports indicate that the vendor released firmware 1.01.04 to address this issue. Symantec has not confirmed this. Please contact the vendor for more information.

Linksys WAG200G DSL Router/Gateway Information Disclosure Vulnerability

References:

• Linksys Homepage (Linksys)
  
• Linksys WAG200G - Information disclosure (Daniel Niggebrugge)
  
• Re: Linksys WAG200G - Information disclosure (BO)
  
• Re: Linksys WAG200G - Information disclosure (no-mail)