|
Bugtraq
mailing list archives
Edimax 7205APL
From: <msl () velmans-industries nl>
Date: 10 Jun 2004 14:26:29 -0000
Vendor: Edimax
Type: 7205APL
Firmware: 2.40a-00
Kind of bug: Security
Description: Normally a user called addmin, has to create a password on the Accesspoint.
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.
Opening the file in Notepad gave the next result:
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 71331234��,�À¨��ÿÿÿ �� default.domainÀ¨��À¨�dÀ¨�Èadmin XXXXX guest
1234 Wireless��XXXXXX,� À¨�ÿyy À¨��À¨��À¨�dÀ¨�domain��©üUoù Lg C´� ©üUoù
Lg C´��é
You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the
password of a user called guest, 1234.
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the
admin.
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security
problem.
 By Date 
By Thread
Current thread:
- Edimax 7205APL msl (Jun 10)
|
