
D-Link DWL-1000AP Wireless LAN Access Point Plaintext Password Vulnerability

by Jay Topp on December 29th, 2001

The D-Link DWL-1000AP is an 11 Mbps wireless LAN access point geared towards home users. It supports WEP, MAC address control and user authentication. An oversight in the design of this product creates a vulnerability which may be exploited by an attacker to hijack the access point.


The administrative password is stored in plaintext in the default "public" MIB. Any attacker within range, using an SNMP client, can reveal the administrative password by browsing the "public" MIB.

With the administrative password, it is possible for an attacker to gain access to the wireless network, change the configuration of the device, or cause a denial of service.

The issue is further complicated by BugTraq ID 3736, "D-Link DWL-1000AP Wireless LAN Access Point Public Community String Vulnerability".

This issue has been confirmed with the 3.2.28 #483 firmware. Other versions of the firmware may also be affected.
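An owner can check whether their own access point exposes a credential this way by saving a read-only walk of the device and searching it for the password they configured. The following is an added example, not part of the original advisory: it assumes net-snmp's `snmpwalk -On` output format, and the OIDs (under a placeholder enterprise number), the sample password and the function names are all constructed for illustration.

```python
import re

# Constructed sample in net-snmp `snmpwalk -On` output format. The OIDs under
# enterprise 99999 are placeholders, NOT the DWL-1000AP's real OIDs.
SAMPLE_WALK = '''\
.1.3.6.1.2.1.1.1.0 = STRING: "Example Access Point"
.1.3.6.1.2.1.1.5.0 = STRING: "ap-livingroom"
.1.3.6.1.4.1.99999.1.1.0 = STRING: "Adm1n-Examp1e"
.1.3.6.1.4.1.99999.1.2.0 = Hex-STRING: 41 64 6D 31 6E 2D 45 78 61 6D 70 31 65 00
.1.3.6.1.4.1.99999.1.3.0 = INTEGER: 11
'''

# "<oid> = <TYPE>: <value>"
LINE_RE = re.compile(r'^(\.?[\d.]+) = ([\w-]+): (.*)$')

def decode_value(kind, raw):
    """Return the value as text, or None for types that cannot hold a password."""
    if kind == "STRING":
        return raw.strip().strip('"')
    if kind == "Hex-STRING":
        # net-snmp prints strings with non-printable bytes (e.g. NUL padding) as hex
        try:
            return bytes.fromhex(raw.replace(" ", "")).decode("latin-1")
        except ValueError:
            return None
    return None

def find_exposed_secrets(walk_text, secrets):
    """Return (oid, label) for every walked value that contains a known secret."""
    findings = []
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip continuation lines and tool messages
        oid, kind, raw = m.groups()
        value = decode_value(kind, raw)
        if value is None:
            continue
        for label, secret in secrets.items():
            if secret and secret in value:
                findings.append((oid, label))
    return findings

if __name__ == "__main__":
    known = {"admin password": "Adm1n-Examp1e"}  # constructed sample secret
    for oid, label in find_exposed_secrets(SAMPLE_WALK, known):
        print(f"{oid}: exposes {label} to read-only SNMP clients")
```

Any finding means the credential is readable by every client that knows the read community string, so the password should be treated as disclosed.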

- Thanks SecurityFocus.com

