D-Link DWL-1000AP Wireless LAN Access Point Plaintext Password Vulnerability

DLink DWL-1000AP is a 11Mbps wireless LAN access point product, which is geared towards home users. It supports WEP, MAC address control and user authentication.

An oversight in the design of this product creates a vulnerability which may be exploited by an attacker to hijack the access point.

The administrative password is stored in plaintext in the default "public" MIB. Any attacker within range, using a SNMP client, can reveal the administrative password by browsing the "public" MIB.

With the administrative password, it is possible for an attacker to gain access to the wireless network, change the configuration of the device, or cause a denial of service.

The issue is further complicated by BugTraq ID 3736, "D-Link DWL-1000AP Wireless LAN Access Point Public Community String Vulnerability".

This issue has been confirmed with the 3.2.28 #483 (Aug 23
2001) firmware. Other versions of the firmware may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus