Sign-up

ID

VAR-200703-0627


CVE

CVE-2007-1585


TITLE

Linksys WAG200G Important information such as ( Password and configuration data ) Vulnerability to be acquired

Trust: 0.8

sources: JVNDB: JVNDB-2007-003559

DESCRIPTION

The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party information. Linksys WAG200G is prone to a vulnerability that may disclose sensitive information. An attacker can exploit this issue to retrieve sensitive information that may aid in further attacks. This issue affects firmware version 1.01.01; other versions may also be vulnerable. Linksys WAG200G is a wireless ADSL router. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Linksys Products Information Disclosure Security Issue SECUNIA ADVISORY ID: SA24658 VERIFY ADVISORY: http://secunia.com/advisories/24658/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Linksys WAG200G http://secunia.com/product/13810/ Linksys WRT54GC http://secunia.com/product/13808/ DESCRIPTION: A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information. the product model, the web interface password, the PPPoA username, the PPPoA password, the SSID, and the WPA passphrase by sending a UDP packet to port 916 of the device. The security issue is reported in WAG200G with firmware 1.01.03 and earlier, WRT54GC v1 with firmware 1.03.0 and earlier, and WRT54GC v2 with firmware 1.00.7 and earlier. PROVIDED AND/OR DISCOVERED BY: Daniel Niggebrugge, additional information by Bartomiej Ochman ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-1585 // JVNDB: JVNDB-2007-003559 // BID: 23063 // VULHUB: VHN-24947 // PACKETSTORM: 55476

AFFECTED PRODUCTS

vendor:linksysmodel:wrt54gcscope:eqversion:1.00.7

Trust: 1.6

vendor:linksysmodel:wag200gscope:eqversion:1.01.01

Trust: 1.6

vendor:linksysmodel:wrt54gcscope:lteversion:1.03.0

Trust: 1.0

vendor:cisco linksysmodel:wag200gscope:eqversion:1.01.01

Trust: 0.8

vendor:cisco linksysmodel:wrt54gcscope:lteversion:1.00.7

Trust: 0.8

vendor:cisco linksysmodel:wrt54gcscope:eqversion:1.03.0

Trust: 0.8

vendor:linksysmodel:wrt54gcscope:eqversion:1.03.0

Trust: 0.6

vendor:linksysmodel:wrt54gcscope:eqversion:v2.01.0.7

Trust: 0.3

vendor:linksysmodel:wag200gscope:eqversion:1.1.1

Trust: 0.3

sources: BID: 23063 // JVNDB: JVNDB-2007-003559 // CNNVD: CNNVD-200703-510 // NVD: CVE-2007-1585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1585
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1585
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-510
value: MEDIUM

Trust: 0.6

VULHUB: VHN-24947
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1585
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24947
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24947 // JVNDB: JVNDB-2007-003559 // CNNVD: CNNVD-200703-510 // NVD: CVE-2007-1585

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1585

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-510

TYPE

Design Error

Trust: 0.9

sources: BID: 23063 // CNNVD: CNNVD-200703-510

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003559

PATCH
title:Linksysurl:http://home.cisco.com/en-apac/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003559

EXTERNAL IDS
db:NVDid:CVE-2007-1585
Trust: 2.5
db:BIDid:23063
Trust: 2.0
db:SECUNIAid:24658
Trust: 1.8
db:JVNDBid:JVNDB-2007-003559
Trust: 0.8
db:BUGTRAQid:20070325 RE: LINKSYS WAG200G - INFORMATION DISCLOSURE
Trust: 0.6
db:BUGTRAQid:20070320 LINKSYS WAG200G - INFORMATION DISCLOSURE
Trust: 0.6
db:CNNVDid:CNNVD-200703-510
Trust: 0.6
db:VULHUBid:VHN-24947
Trust: 0.1
db:PACKETSTORMid:55476
Trust: 0.1
sources:
            
            
            VULHUB: VHN-24947 // 
            
            
            
            BID: 23063 // 
            
            
            
            JVNDB: JVNDB-2007-003559 // 
            
            
            
            PACKETSTORM: 55476 // 
            
            
            
            CNNVD: CNNVD-200703-510 // 
            
            
            
            NVD: CVE-2007-1585

REFERENCES
url:http://www.securityfocus.com/bid/23063
Trust: 1.7
url:http://secunia.com/advisories/24658
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=117492736903388&w=2
Trust: 1.6
url:http://www.securityfocus.com/archive/1/463342/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33251
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1585
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1585
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/463342/100/0/threaded
Trust: 0.6
url:http://www.linksys.com/
Trust: 0.3
url:/archive/1/463342
Trust: 0.3
url:/archive/1/463834
Trust: 0.3
url:/archive/1/466176
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=117492736903388&w=2
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/13810/
Trust: 0.1
url:http://secunia.com/disassembling_og_reversing/
Trust: 0.1
url:http://secunia.com/advisories/24658/
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/product/13808/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/linux_security_specialist/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-24947 // 
            
            
            
            BID: 23063 // 
            
            
            
            JVNDB: JVNDB-2007-003559 // 
            
            
            
            PACKETSTORM: 55476 // 
            
            
            
            CNNVD: CNNVD-200703-510 // 
            
            
            
            NVD: CVE-2007-1585

CREDITS
Daniël Niggebrugge
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200703-510

SOURCES
db:VULHUBid:VHN-24947
db:BIDid:23063
db:JVNDBid:JVNDB-2007-003559
db:PACKETSTORMid:55476
db:CNNVDid:CNNVD-200703-510
db:NVDid:CVE-2007-1585

LAST UPDATE DATE
2025-04-10T23:19:13.231000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-24947date:2018-10-16T00:00:00
db:BIDid:23063date:2007-04-19T17:11:00
db:JVNDBid:JVNDB-2007-003559date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200703-510date:2007-04-10T00:00:00
db:NVDid:CVE-2007-1585date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-24947date:2007-03-21T00:00:00
db:BIDid:23063date:2007-03-20T00:00:00
db:JVNDBid:JVNDB-2007-003559date:2012-09-25T00:00:00
db:PACKETSTORMid:55476date:2007-04-02T02:42:23
db:CNNVDid:CNNVD-200703-510date:2007-03-21T00:00:00
db:NVDid:CVE-2007-1585date:2007-03-21T23:19:00