[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: D-Link DWL-900AP+ Security Hole
From: "Jason Tedesco" <jtedesco () request ! com ! au>
Date: 2003-01-14 22:18:30
[Download RAW message or body]
Overview
---------
The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of \
speeds up to 22Mbps.
With the realese of a new the new v2.5 firmware for this device comes the latest \
realese of the D-Link AirPlus Access Point Manager. With this tool you can upgrade \
the firmware of an access point without being prompted for a password.
Affected Services
------------------
Dlink V2.2 V2.3 or earlier
Impact
-------
After upgrading the firmware on the DWL-900AP+, the access point returns to factory \
default settings. The outcomes of this are obvious.
Details
--------
You must have installed the D-Link AirPlus Access Point Manager program which is \
included in the v2.5 firmware update. Once the program is launched click on the \
firmware upgrade setting. There are two panes on this window. The bottom pane being \
"Aveliable AP". I found these to be AP's running the v2.5 firmware. The top pane \
"Upgrage AP" displays a list of access points which you can upgrade. You simply \
highlight the one you wish to upgrade, you must then browse and find the firmware you \
want to upgrade and click the upgrade button. It will not prompt you for any \
passwords and will simply tftp the new firmware onto the access point. Once the \
firmware has been uploaded the access point resets and returns back to factory \
default settings.
Jason Tedesco
ICQ: 40573753
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic