SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Router/Bridge/Hub)  >  Edimax Router Vendors:  EDIMAX Technology Co.
Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users
SecurityTracker Alert ID:  1010467
SecurityTracker URL:  http://securitytracker.com/id?1010467
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 10 2004
Impact:  Disclosure of authentication information, User access via network
Exploit Included:  Yes  
Version(s): Model 7205APL ; firmware version 2.40a-00
Description:  Menno Slaats reported a vulnerability in the Edimax 7205APL wireless router. A remote user can obtain the administrative password.

It is reported that a remote user can login using 'guest' as the username and '1234' as the password and then make a backup of the configuration file ('config.bin'). The file contains the administrator's password, the report said.

The vendor has reportedly been notified.
Impact:  A remote user can access the device and determine the administrative password.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.edimax.com.tw/ (Links to External Site)
Cause:  Access control error
Reported By:  <msl@velmans-industries.nl>
Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 14 2004 (A Workaround is Described) Edimax 7205APL Wireless Router Discloses the Administrative to Remote Users   (Tadeo Cwierz <tcwierz@cybsec.com>)
A workaround is available.


 Source Message Contents
Date:  10 Jun 2004 14:26:29 -0000
From:  <msl@velmans-industries.nl>
Subject:  Edimax 7205APL

 


Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result: 

yÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 71331234,À¨ÿÿÿ default.domainÀ¨À¨dÀ¨Èadmin XXXXX guest 
1234 WirelessXXXXXX, À¨ÿyy À¨À¨À¨dÀ¨ domain©üUoù Lg C´ ©üUoù 
Lg C´é

You can see the password of the admin XXXXX (for security reasons, I have changed the original one in
 XXXXX) and the password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content 
like above of the admin.
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve
 this security problem.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC