Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users
|
|
SecurityTracker Alert ID: 1010467 |
|
SecurityTracker URL: http://securitytracker.com/id/1010467
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 10 2004
|
Impact:
Disclosure of authentication information, User access via network
|
Exploit Included: Yes
|
Version(s): Model 7205APL ; firmware version 2.40a-00
|
Description:
Menno Slaats reported a vulnerability in the Edimax 7205APL wireless router. A remote user can obtain the administrative password.
It is reported that a remote user can login using 'guest' as the username and '1234' as the password and then make a backup of the configuration file ('config.bin'). The file contains the administrator's password, the report said.
The vendor has reportedly been notified.
|
Impact:
A remote user can access the device and determine the administrative password.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.edimax.com.tw/ (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Subject: Edimax 7205APL
|
Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result:
You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin.
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem.
|
|
