D-Link DWL-1000AP Wireless LAN Access Point Public Community String Vulnerability

D-Link DWL-1000AP is a 11Mbps wireless LAN access point product, which is geared towards home users. It supports WEP, MAC address control and user authentication.

A default read-only SNMP community string entitled "public" exists on the device. This community string is hard-coded into the product and cannot be changed with the configuration interface.

As a result, an attacker may use a SNMP client to browse sensitive information contained in the "public" MIB.

The issue is further complicated by BugTraq ID 3735, "D-Link DWL-1000AP Wireless LAN Access Point Plaintext Password Vulnerability".

This issue has been confirmed with the 3.2.28 #483 (Aug 23
2001) firmware. Other versions of the firmware may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus