---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Linksys Products Information Disclosure Security Issue SECUNIA ADVISORY ID: SA24658 VERIFY ADVISORY: http://secunia.com/advisories/24658/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Linksys WAG200G http://secunia.com/product/13810/ Linksys WRT54GC http://secunia.com/product/13808/ DESCRIPTION: A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information. The problem is that it is possible to disclose certain information e.g. the product model, the web interface password, the PPPoA username, the PPPoA password, the SSID, and the WPA passphrase by sending a UDP packet to port 916 of the device. The security issue is reported in WAG200G with firmware 1.01.03 and earlier, WRT54GC v1 with firmware 1.03.0 and earlier, and WRT54GC v2 with firmware 1.00.7 and earlier. SOLUTION: The vendor expects to release new firmware versions by 06-04-2007. PROVIDED AND/OR DISCOVERED BY: Daniel Niggebrugge, additional information by Bartomiej Ochman ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------