


Category:   Device (Router/Bridge/Hub)  >   D-Link Router
Vendors:   D-Link Systems, Inc.
D-Link AirPlus Access Point Manager Allows Remote Users to Upgrade Firmware Without Authentication
SecurityTracker Alert ID:  1005926
SecurityTracker URL:
CVE Reference:   CVE-2003-1346
Updated:  Jun 14 2008
Original Entry Date:  Jan 16 2003
Impact:   Modification of system information, User access via network
Exploit Included:  Yes  
Version(s): DWL-900AP+; firmware 2.5
Description:   An authentication vulnerability was reported in software provided with the D-Link DWL-900AP+. A remote user with local access to the Access Point Manager can upgrade the router's firmware without providing a password.

It is reported that the D-Link AirPlus Access Point Manager (provided with firmware version 2.5) operating in association with DWL-900AP+ routers running firmware version 2.3 and prior versions allows a local user to upgrade the firmware of a target access point router without having to supply a password. When the firmware is upgraded, the device reportedly returns to the factory default settings. This, in turn, may allow the user to gain remote access to the device.

Impact:   A local user on a host running the D-Link AirPlus Access Point Manager can upgrade a target device's firmware, causing the device to load the factory default settings. This can allow the user to then gain remote access to the device.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Authentication error

Message History:   None.

 Source Message Contents

Subject:  D-Link DWL-900AP+ Security Hole

The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps.

With the release of the new v2.5 firmware for this device comes the latest release of the D-Link AirPlus Access Point Manager. With this tool you can upgrade the firmware of an access point without being prompted for a password.

Affected Services
Dlink V2.2 V2.3 or earlier

After upgrading the firmware on the DWL-900AP+, the access point returns to factory default settings.  The outcomes of this are obvious.

You must have installed the D-Link AirPlus Access Point Manager program which is included in the v2.5 firmware update. Once the program is launched click on the firmware upgrade setting. There are two panes on this window. The bottom pane being "Available AP". I found these to be APs running the v2.5 firmware. The top pane "Upgrade AP" displays a list of access points which you can upgrade. You simply highlight the one you wish to upgrade, you must then browse and find the firmware you want to upgrade and click the upgrade button. It will not prompt you for any passwords and will simply tftp the new firmware onto the access point. Once the firmware has been uploaded the access point resets and returns back to factory default settings.

Jason Tedesco
ICQ: 40573753
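
Because no fix was available, watching for TFTP firmware writes aimed at access points is one compensating control. The following detection sketch is an added example, not part of the original advisory or message. It assumes the upload shows up as an RFC 1350 write request (WRQ) to UDP port 69 on the AP, which the advisory does not specify; all addresses and the filename are constructed.

```python
import struct

# TFTP request opcodes from RFC 1350
OP_RRQ, OP_WRQ = 1, 2

def parse_tftp_request(payload: bytes):
    """Return (opcode, filename, mode) for a well-formed RRQ/WRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return None
    parts = payload[2:].split(b"\x00")
    # A valid request carries a filename and a mode, each NUL-terminated.
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None
    filename = parts[0].decode("ascii", "replace")
    mode = parts[1].decode("ascii", "replace").lower()
    return opcode, filename, mode

def flag_firmware_pushes(datagrams, ap_addrs, mgmt_hosts):
    """Flag TFTP write requests sent to an AP from a non-management host."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        if dport != 69 or dst not in ap_addrs:
            continue
        req = parse_tftp_request(payload)
        if req is None or req[0] != OP_WRQ:
            continue  # malformed packets and read requests are not firmware pushes
        if src not in mgmt_hosts:
            alerts.append({"src": src, "ap": dst, "file": req[1], "mode": req[2]})
    return alerts

# Constructed sample traffic (RFC 5737 documentation addresses, assumed roles).
AP_ADDRS = {"192.0.2.10"}      # assumed access point address
MGMT_HOSTS = {"192.0.2.5"}     # assumed authorised management workstation
SAMPLE = [
    ("192.0.2.5", "192.0.2.10", 69, b"\x00\x02fw.bin\x00octet\x00"),   # authorised host
    ("192.0.2.77", "192.0.2.10", 69, b"\x00\x02fw.bin\x00octet\x00"),  # unexpected sender
    ("192.0.2.77", "192.0.2.10", 69, b"\x00\x01config\x00octet\x00"),  # read request
    ("192.0.2.77", "192.0.2.10", 69, b"\x00\x02fw.bin"),               # truncated request
    ("192.0.2.77", "192.0.2.99", 69, b"\x00\x02fw.bin\x00octet\x00"),  # destination is not an AP
]

if __name__ == "__main__":
    for alert in flag_firmware_pushes(SAMPLE, AP_ADDRS, MGMT_HOSTS):
        print("ALERT TFTP write to AP from non-management host:", alert)
```

In practice the datagram tuples would come from a packet capture or flow sensor on the management VLAN, and an alert should be paired with a check of whether the AP has reverted to factory defaults.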

