Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » D-Link DWL-900AP+ Security Hole

D-Link DWL-900AP+ Security Hole

by Nikola Strahija on January 16th, 2003 The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps.


With the realese of a new the new v2.5 firmware for this device comes the latest realese of the D-Link AirPlus Access Point Manager. With this tool you can upgrade the firmware of an access point without being prompted for a password.

Affected Services
------------------
Dlink V2.2 V2.3 or earlier

Impact
-------
After upgrading the firmware on the DWL-900AP+, the access point returns to factory default settings. The outcomes of this are obvious.

Details
--------
You must have installed the D-Link AirPlus Access Point Manager program which is included in the v2.5 firmware update. Once the program is launched click on the firmware upgrade setting. There are two panes on this window. The bottom pane being "Aveliable AP". I found these to be AP's running the v2.5 firmware. The top pane "Upgrage AP" displays a list of access points which you can upgrade. You simply highlight the one you wish to upgrade, you must then browse and find the firmware you want to upgrade and click the upgrade button. It will not prompt you for any passwords and will simply tftp the new firmware onto the access point. Once the firmware has been uploaded the access point resets and returns back to factory default settings.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »