Edimax 7205APL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result:

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 71331234,À¨ÿÿÿ    default.domainÀ¨À¨dÀ¨Èadmin XXXXX guest 
1234 WirelessXXXXXX,  À¨?ÿyy  À¨À¨À¨dÀ¨domain©üUoù Lg C´ ©üUoù
Lg C´é

You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin. 
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem.
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux