SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Edimax Router
Vendors:   EDIMAX Technology Co.
(A Workaround is Described) Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users
SecurityTracker Alert ID:  1010487
SecurityTracker URL:  http://securitytracker.com/id/1010487
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 14 2004
Impact:   Disclosure of authentication information, User access via network

Version(s): Model 7205APL; firmware version 2.40a-00
Description:   Menno Slaats reported a vulnerability in the Edimax 7205APL wireless router. A remote user can obtain the administrative password.

It is reported that a remote user can log in using 'guest' as the username and '1234' as the password and then make a backup of the configuration file ('config.bin'). The file contains the administrator's password, the report said.

The vendor has reportedly been notified.

Impact:   A remote user can access the device and determine the administrative password.
Solution:   No vendor solution was available at the time of this entry.

Tadeo Cwierz, Mariano Nunez, and Matias Pagouape of CYBSEC S.A. Security Systems reported that, as a workaround, you can use the following steps to change the default guest account username and password:

"1.- make a backup of the configuration (config.bin)
2.- edit config.bin with a hex editor
3.- change the string guest to a new private user name (considering the length of the string, 5 chars)
4.- change the string 1234 to a new private password for the new account name (considering the length of the string, 4 chars)
5.- save the new config.bin.
6.- restore the config.bin to the wireless router."
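
The edit in steps 3 and 4 above, written as a script; this is an added example, not code from the advisory or from CYBSEC. It assumes the credentials sit in config.bin as plain ASCII and that the file has no checksum (the page does not document the format); the function names and the sample blob are constructed for illustration.

```python
# Added example: length-preserving edit of a router config backup.
# Assumption: the credentials are stored as plain ASCII in config.bin and the
# file carries no checksum; the advisory does not document the file format.

DEFAULT_USER = b"guest"   # default account name from the advisory
DEFAULT_PASS = b"1234"    # default password from the advisory


def find_all(data: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in data."""
    offsets, start = [], data.find(needle)
    while start != -1:
        offsets.append(start)
        start = data.find(needle, start + 1)
    return offsets


def replace_same_length(data: bytes, old: bytes, new: str) -> bytes:
    """Overwrite the single occurrence of old with new, keeping every offset."""
    new_bytes = new.encode("ascii")
    if len(new_bytes) != len(old):
        raise ValueError(f"replacement must be exactly {len(old)} characters")
    if new_bytes == old:
        raise ValueError("replacement is identical to the default value")
    offsets = find_all(data, old)
    if len(offsets) != 1:
        # Zero or several matches: check the file by hand rather than guess.
        raise ValueError(f"expected one occurrence of {old!r}, found {len(offsets)}")
    pos = offsets[0]
    return data[:pos] + new_bytes + data[pos + len(old):]


def patch_guest_account(data: bytes, new_user: str, new_pass: str) -> bytes:
    """Apply steps 3 and 4 of the workaround to the bytes of a config backup."""
    patched = replace_same_length(data, DEFAULT_USER, new_user)
    patched = replace_same_length(patched, DEFAULT_PASS, new_pass)
    assert len(patched) == len(data)  # file size must not change
    return patched


# Constructed sample blob, not the real config.bin layout.
SAMPLE = b"\x00\x01CFG\x00admin\x00Adm1nPw\x00guest\x001234\x00\xff\xff"

if __name__ == "__main__":
    print(patch_guest_account(SAMPLE, "oper8", "Zq7!"))
```

Read the backup in binary mode, pass its bytes to `patch_guest_account`, and write the result to a new file so the original backup is kept.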

Vendor URL:  www.edimax.com.tw/
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 10 2004 Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users



 Source Message Contents

Subject:  Edimax 7205APL Wireless Router Discloses the Administrative to Remote


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Security Tracker:

Referred to the bug:

SecurityTracker Alert ID:  1010467

"Edimax 7205APL Wireless Router Discloses the Administrative to
Remote Users"

A possible workaround for the default "guest" user is:

1.- make a backup of the configuration (config.bin)
2.- edit config.bin with a hex editor
3.- change the string guest to a new private user name (considering
the length of the string, 5 chars)
4.- change the string 1234 to a new private password for the new
account name (considering the length of the string, 4 chars)
5.- save the new config.bin.
6.- restore the config.bin to the wireless router.

Now the default account:
user:guest
password:1234

is replaced by the new user:password account.


Reported by:

Tadeo Cwierz


CYBSEC S.A. Security Systems
C1042ABD - Buenos Aires - Argentina
Tel/Fax: (54-11) 4382-1600
Web: http://www.cybsec.com



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQM3Io/wR7COxGzFGEQI/qACfddGTcGNDtjRzYzCibgX4yStw6y4An2PA
GFx/dUyOH0od+gxdRePe1/wq
=4C1n
-----END PGP SIGNATURE-----


 
 



Copyright 2021, SecurityGlobal.net LLC