(A Workaround is Described) Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Device (Router/Bridge/Hub) > Edimax Router

Vendors: EDIMAX Technology Co.

(A Workaround is Described) Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users

SecurityTracker Alert ID: 1010487

SecurityTracker URL: http://securitytracker.com/id/1010487

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 14 2004

Impact: Disclosure of authentication information, User access via network

Version(s): Model 7205APL ; firmware version 2.40a-00

Description: Menno Slaats reported a vulnerability in the Edimax 7205APL wireless router. A remote user can obtain the administrative password.

It is reported that a remote user can login using 'guest' as the username and '1234' as the password and then make a backup of the configuration file ('config.bin'). The file contains the administrator's password, the report said.

The vendor has reportedly been notified.

Impact: A remote user can access the device and determine the administrative password.

Solution: No vendor solution was available at the time of this entry.

Tadeo Cwierz, Mariano Nunez, and Matias Pagouape of CYBSEC S.A. Security Systems reported that, as a workaround, you can use the following steps to change the default guest account username and password:

"1.- make a backup of the configuration (config.bin)
2.- edit config.bin with a hex editor
3.- change the string guest to a new private user name (considering the long of the string, 5 chars)
4.- change the string 1234 to a new private password for the new account name (considering the long of the string, 4 chars)
5.- save the new config.bin.
5.- restore the config.bin to the wireless router."

Vendor URL: www.edimax.com.tw/ (Links to External Site)

Cause: Access control error

Message History: This archive entry is a follow-up to the message listed below.

Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users

Source Message Contents

Subject: Edimax 7205APL Wireless Router Discloses the Administrative to Remote


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Security Tracker:

Refered to the bug:

SecurityTracker Alert ID:  1010467

"Edimax 7205APL Wireless Router Discloses the Administrative to
Remote Users"

a posible workarround to default "guest" user is:

1.- make a backup of the configuration (config.bin)
2.- edit config.bin with a hex editor
3.- change the string guest to a new private user name (considering
the long of the string, 5 chars)
4.- change the string 1234 to a new private password for the new
account name (considering the long of the string, 4 chars)
5.- save the new config.bin.
5.- restore the config.bin to the wireless router.

Now the default account:
user:guest
password:1234

is replaced by the new user:password account.


Reported by:

Tadeo Cwierz


CYBSEC S.A. Security Systems
C1042ABD - Buenos Aires - Argentina
Tel/Fax: (54-11) 4382-1600
Web: http://www.cybsec.com



-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBQM3Io/wR7COxGzFGEQI/qACfddGTcGNDtjRzYzCibgX4yStw6y4An2PA
GFx/dUyOH0od+gxdRePe1/wq
=4C1n
-----END PGP SIGNATURE-----

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC