Linksys Wireless Access Point SNMP Port Can Be Locked Out By Remote Users
SecurityTracker Alert ID: 1003035|
SecurityTracker URL: http://securitytracker.com/id/1003035
(Links to External Site)
Date: Dec 21 2001
Denial of service via network|
Exploit Included: Yes |
Version(s): Atmel Firmware 1.3; Tested on a WAP11 Syslink Wireless Access Point WPC11 Wireless network PC card (PCMCIA+PCI) Under Windows 2000|
VIGILANTe reported a denial of service vulnerability in the WAP11 Syslink Wireless Access Point WPC11 Wireless network PC card. A remote user can cause the device's SNMP port to crash.|
A remote user can send an SNMP read request with a community name different than "public", including a NULL community string, or with an unknown OID to cause the device's SNMP port to stop processing requests. This apparently occurs even if the SNMP response sent by the device is correct.
It is reported that the vendor has released a more recent version of this software, but it is not known if it is vulnerable to this attack. VIGILANTe did not perform tests on this newer version.
A remote user can cause the device's SNMP port to stop processing requests.|
The vednor has released a newer version of the firmware (1.4g.5). The vendor suggests using the new code, available at:|
A new utility is also required to use this firmware, available at:
Note that VIGILANTe did not test the newer version. Also, the vendor does not explicitly state that the newer version corrects the situation.
Vendor URL: www.linksys.com/products/product.asp?grid=22&prid=157 (Links to External Site)
Exception handling error|
Source Message Contents
Date: Fri, 21 Dec 2001 17:49:24 +0100|
Subject: VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community Stri
Atmel SNMP Non Public Community String DoS Vulnerability
Advisory Code: VIGILANTE-2001003
Release Date: December 21, 2001
Atmel Firmware 1.3
Tested on a WAP11 Syslink Wireless Access Point WPC11 Wireless network PC
card (PCMCIA+PCI) Under Windows 2000
Systems not affected:
Vendor released a more recent version of this software, but it is not known
if it is vulnerable to this attack. We did not perform tests on this newer
During some tests we noticed that the 1.3 version firmware contains a flaw
that may result in a denial-of-service, preventing any new further request
to be correctly handled by the device.
If a SNMP read request is made with a community name different than "public"
( including NULL community string ) or an unknown OID, it leads to a denial
of service even if the answer is correct ( ie the returned code error in the
reply is ok ). Any SNMP request made to the Wireless Access Point is then
denied. Reset of the appliance is necessary to recover normal functioning.
Linsys was contacted October 30, 2001 and answered. They say that the 1.3
firmware for the WAP11 is a somewhat dated release. The current shipping
version is 1.4g.5.
A test case to detect this vulnerability was added to SecureScan NX in the
upgrade package of December 21, 2001. You can see the documentation of this
test case 15471 on SecureScan NX web site at
Vendor suggested the following : "for customers that have earlier versions,
new code is available on our ftp site:
The new utility is also required to use this firmware, also available on our
ftp site : ftp://ftp.linksys.com/pub/network/wap11sw.exe.
These links are also published on our website at :
http://www.linksys.com/download/firmware.asp under the wap11 section from
the drop down."
Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted to get a candidat number. It will be
included here when available.
This vulnerability was discovered by Frederic Brouille, member of VIGILANTe.
We wish to thank Atmel for their help in investigating this problem.
Copyright VIGILANTe.com, Inc. 2001-12-21
The information within this document may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any consequences whatsoever arising out of or in connection
with the use or spread of this information. Any use of this information lays
within the user's responsibility.
Please send suggestions, updates, and comments to email@example.com.