View Full Version : Re: D-Link DWL-900AP+ Security Hole



Dan
21/01/03, 08:07
lo Jason. Comments in line.

On Wed, 15 Jan 2003, Jason Tedesco wrote:

> Overview
> ---------
> The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps.
>
> With the release of the new v2.5 firmware for this device comes the latest release of the
> D-Link AirPlus Access Point Manager. With this tool you can upgrade the
> firmware of an access point without being prompted for a password.
>
> Affected Services
> ------------------
> Dlink V2.2 V2.3 or earlier
>
> Impact
> -------
> After upgrading the firmware on the DWL-900AP+, the access point returns to factory default settings.
> The outcomes of this are obvious.

Yes, flashing the firmware on one of these devices resets the
configuration to factory default. This is known behaviour, and was the case
with 2.2 and 2.3.

>
> Details
> --------
> You must have installed the D-Link AirPlus Access Point Manager program which is included in the v2.5
> firmware update. Once the program is launched click on the firmware
> upgrade setting. There are two panes on this window. The bottom pane
> being "Aveliable AP". I found these to be APs running the v2.5
> firmware. The top pane "Upgrage AP" displays a list of access points
> which you can upgrade. You simply highlight the one you wish to
> upgrade; you must then browse and find the firmware you want to upgrade and click the upgrade button.
> It will not prompt you for any passwords and will simply tftp the new
> firmware onto the access point. Once the firmware has been uploaded the
> access point resets and returns back to factory default settings.
>

You haven't stated whether you reset a password after flashing your
firmware. If you haven't set a password, then what's the problem? If you don't
set a password, it cannot ask for one.

>
> Jason Tedesco
> ICQ: 40573753
>
>

Dan.
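
Added example, not part of the original thread and not D-Link code: a monitoring check for the behaviour discussed above, where firmware is pushed to an access point over TFTP with no password prompt. It assumes the upload shows up as a standard TFTP write request (RFC 1350) to UDP port 69 on the AP; the addresses, file names, and the `AP_ADDRS` / `MGMT_HOSTS` lists are constructed for illustration.

```python
import struct

# TFTP request opcodes (RFC 1350): 1 = read request, 2 = write request
REQUESTS = {1: "RRQ", 2: "WRQ"}

def parse_tftp_request(payload: bytes):
    """Parse a TFTP RRQ/WRQ payload; return (op, filename, mode) or None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in REQUESTS:
        return None
    # Layout after the opcode: filename NUL mode NUL [options...]
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None  # truncated or malformed request
    name = parts[0].decode("ascii", "replace")
    mode = parts[1].decode("ascii", "replace").lower()
    return REQUESTS[opcode], name, mode

def flag_firmware_pushes(packets, ap_addrs, mgmt_hosts):
    """Alert on TFTP writes to an AP from hosts outside the management allowlist."""
    alerts = []
    for src, dst, dport, payload in packets:
        if dport != 69 or dst not in ap_addrs:
            continue
        req = parse_tftp_request(payload)
        if req and req[0] == "WRQ" and src not in mgmt_hosts:
            alerts.append({"src": src, "ap": dst, "file": req[1], "mode": req[2]})
    return alerts

# Constructed inventory and traffic (RFC 5737 documentation addresses)
AP_ADDRS = {"192.0.2.50"}
MGMT_HOSTS = {"192.0.2.10"}
WRQ = b"\x00\x02firmware.bin\x00OCTET\x00"
SAMPLE_PACKETS = [
    ("192.0.2.10", "192.0.2.50", 69, WRQ),                                  # allowed admin host
    ("192.0.2.77", "192.0.2.50", 69, WRQ),                                  # unexpected writer
    ("192.0.2.77", "192.0.2.50", 69, b"\x00\x01config.txt\x00netascii\x00"),  # read, not write
    ("192.0.2.77", "192.0.2.99", 69, WRQ),                                  # destination is not an AP
    ("192.0.2.77", "192.0.2.50", 69, b"\x00\x02firmware.bin"),              # truncated request
]

if __name__ == "__main__":
    for alert in flag_firmware_pushes(SAMPLE_PACKETS, AP_ADDRS, MGMT_HOSTS):
        print("unexpected TFTP write to AP:", alert)
```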