[35228] in bugtraq
Edimax 7205APL
daemon@ATHENA.MIT.EDU (msl@velmans-industries.nl)
Thu Jun 10 17:51:25 2004
Date: 10 Jun 2004 14:26:29 -0000
Message-ID: <20040610142629.28000.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <msl@velmans-industries.nl>
To: bugtraq@securityfocus.com
Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result:
71331234��,��� �� default.domain���d�admin XXXXX guest
1234 Wireless��XXXXXX,� �yy �����d�domain��Uo Lg C� Uo
Lg C��
You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin.
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem.
