SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Edimax Router Vendors:   EDIMAX Technology Co.
Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users
SecurityTracker Alert ID:  1010467
SecurityTracker URL:  http://securitytracker.com/id/1010467
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 10 2004
Impact:   Disclosure of authentication information, User access via network
Exploit Included:  Yes  
Version(s): Model 7205APL ; firmware version 2.40a-00
Description:   Menno Slaats reported a vulnerability in the Edimax 7205APL wireless router. A remote user can obtain the administrative password.

It is reported that a remote user can login using 'guest' as the username and '1234' as the password and then make a backup of the configuration file ('config.bin'). The file contains the administrator's password, the report said.

The vendor has reportedly been notified.

Impact:   A remote user can access the device and determine the administrative password.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.edimax.com.tw/ (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 14 2004 (A Workaround is Described) Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users
A workaround is available.



 Source Message Contents

Subject:  Edimax 7205APL



Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result: 


You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin.
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem. 
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC