 D-Link Access Point DWL-900AP+ TFTP Vulnerability
Category: Vulnerability
Posted: 2002-10-23 by ReCall
The D-Link DWL-900AP+ Access Point/Bridge has been found to contain a severe vulnerability that could be exploited by a potential intruder to gain full administrative access to the device.



Details



Vulnerable systems:





* DWL-900AP+ B1 version 2.1 and 2.2



Possibly vulnerable (developed by the same manufacturer):

* ALLOY GL-2422AP-S

* EUSSO GL2422-AP

* LINKSYS WAP11-V2.2

* WISECOM GL2422AP-0T



D-Link's DWL-900AP+ is a WiFi/802.11b Access Point with an enhanced 22Mbps transfer mode (a.k.a. "802.11b+") and proprietary bridging functions, typically targeted at SOHO installations. The device can be connected to an existing wired network by means of a standard 10/100 Ethernet port and can be configured using a JavaScript-enabled HTTP client (web browser) pointed at its IP address.



Although partly documented, the device also features an embedded TFTP (Trivial File Transfer Protocol) server which can be used to obtain critical data: by requesting a file named "config.img", an intruder receives a binary image of the device configuration which contains, among other things, the following information:



- The "admin" password required by the HTTP user interface

- The WEP encryption keys

- The network configuration data (addresses, SSID, etc).



Such data are returned in clear text and may be accessed by any wired/wireless client. Note that if the device is configured to use a "public" IP address and a valid "gateway" (connected to the Internet) is specified in the wired LAN configuration screen, the TFTP service (hence the critical data) could be accessed world-wide.



Additional info:

In addition to the above mentioned "config.img", the following undocumented files are also accessible via the TFTP protocol:



- eeprom.dat

- mac.dat

- wtune.dat

- rom.img

- normal.img



The last one is the (compressed) firmware image as uploaded to the device. We did not investigate further, so the above list should NOT be considered exhaustive.
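With no fix available, watching for these requests on the network is one way to notice exposure. The following is an added example, not part of the original advisory: it parses TFTP read requests (RFC 1350 format) and flags any sent to the access point that name one of the files listed above. The packet tuples, IP addresses and case-insensitive matching are assumptions made for illustration.

```python
import struct

# File names the advisory lists as readable over TFTP on the DWL-900AP+.
SENSITIVE = {"config.img", "eeprom.dat", "mac.dat", "wtune.dat",
             "rom.img", "normal.img"}
OP_RRQ = 1  # RFC 1350 read-request opcode


def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != OP_RRQ:
        return None
    # Layout: filename NUL mode NUL, optionally followed by RFC 2347 options.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None


def flag_requests(packets, ap_ip):
    """Return [(src_ip, filename)] for RRQs to ap_ip:69 naming a listed file."""
    alerts = []
    for src, dst, dport, payload in packets:
        rrq = parse_rrq(payload) if (dst, dport) == (ap_ip, 69) else None
        if rrq is None:
            continue
        # Assumption: match the base name case-insensitively, erring toward alerting.
        name = rrq[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in SENSITIVE:
            alerts.append((src, name))
    return alerts


# Constructed sample (src, dst, dst_port, UDP payload); all addresses are made up.
SAMPLE = [
    ("192.168.0.77", "192.168.0.50", 69, b"\x00\x01config.img\x00octet\x00"),
    ("192.168.0.12", "192.168.0.50", 69, b"\x00\x02firmware.bin\x00octet\x00"),  # WRQ
    ("192.168.0.77", "192.168.0.50", 69, b"\x00\x01ROM.IMG\x00netascii\x00"),
    ("192.168.0.12", "192.168.0.9", 69, b"\x00\x01config.img\x00octet\x00"),  # other host
    ("192.168.0.30", "192.168.0.50", 69, b"\x00\x01config.img"),  # truncated
]

if __name__ == "__main__":
    for src, name in flag_requests(SAMPLE, "192.168.0.50"):
        print(f"ALERT: {src} requested {name} from the access point over TFTP")
```

Because the advisory notes its file list is not exhaustive, any TFTP read request reaching the access point from an unexpected client is worth reviewing, not only the names matched here.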



Solutions:

There are NO known solutions or workarounds at the moment. The vendor is urged to release a firmware upgrade. A complete report of the vulnerability was sent to D-Link's International Support on Mon, 14 Oct 2002 and was assigned the case-id: DL204488.
 