[NEWS] D-Link DWL-900AP+ Security Hole (Password-less Access)

From: support@securiteam.com
Date: 01/18/03

  • Next message: support@securiteam.com: "[UNIX] Outreach Project Tool Multiple Vulnerabiltiies" 
    From: support@securiteam.com
To: list@securiteam.com
Date: 18 Jan 2003 10:22:13 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security would like to welcome Tiscali World Online
    to our service provider team.
    For more info on their service offering IP-Secure,
    please visit http://www.worldonline.co.za/services/work_ip.asp
    - - - - - - - - -

      D-Link DWL-900AP+ Security Hole (Password-less Access)
    ------------------------------------------------------------------------

    SUMMARY

    The DWL-900AP+ is a wireless access point manufactured by D-Link which is
    capable of speeds up to 22Mbps.

    The latest release of a new the new v2.5 firmware for this device was
    joined with the latest release of the D-Link AirPlus Access Point Manager.
    The AirPlus Access Point Manager allows you to upgrade the firmware of an
    access point without being prompted for a password.

    DETAILS

    Vulnerable systems:
     * D-Link version 2.2
     * D-Link version 2.3

    Impact:
    After upgrading the firmware on the DWL-900AP+, the access point returns
    to factory default settings. The outcomes of this are obvious.

    Recreation:
    To recreate this issue you need to install the D-Link AirPlus Access Point
    Manager program which is included in the v2.5 firmware update. Once the
    program is launched click on the firmware upgrade setting. There are two
    panes on this window. The bottom pane being "Available AP". Jason found
    these to be AP's running the v2.5 firmware. The top pane "Upgrade AP"
    displays a list of access points which you can upgrade. You can simply
    highlight the one you wish to upgrade, you must then browse and find the
    firmware you want to upgrade and click the upgrade button. It will not
    prompt you for any passwords and will simply tftp the new firmware onto
    the access point. Once the firmware has been uploaded the access point
    resets and returns back to factory default settings.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:jtedesco@request.com.au>
    Jason Tedesco.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

    Relevant Pages