Re: [VulnWatch] Advisory - D-Link Access Point


Re: [VulnWatch] Advisory - D-Link Access Point

by Nicolae Braham

Can anyone verify the solution listed is valid: I am suspicious of dlinkbrasil.com.br because I don't see it listed from dlink.com

"
1 - Upgrade the firmware of D-Link DWL-2100ap Access Point.
Direct link to download is http://www.dlinkbrasil.com.br/internet/downloads/Wireless/DWL-2100AP/DWL2100AP-firmware-v210na-r0343.tfp
"

Nicolae Braham


> ----- Original Message -----
> From: news <news@...>
> To: vulnwatch@...
> Subject: [VulnWatch] Advisory - D-Link Access Point
> Date: Tue, 6 Jun 2006 22:09:46 -0300 (BRT)
>
> INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY
>
> http://www.intruders.com.br/
> http://www.intruders.org.br/
>
> ADVISORY/0206 - D-Link Wireless Access-Point (DWL-2100ap)
> PRIORITY: HIGH
>
> I - INTRUDERS:
> ----------------
> Intruders Tiger Team Security is a project entailed with Security Open Source (http://www.securityopensource.org.br).
>
> The Intruders Tiger Team Security (ITTS) is a group of researchers with more than 10 years of experience, specialized in the development of intrusion projects (Pen-Test) and in special security projects.
>
> All the projects of intrusion (Pen-Test) realized until the moment by the Intruders Tiger Team Security had 100% of success.
>
> II - INTRODUCTION:
> ------------------
> D-Link AirPlus XtremeG 2.4GHz Wireless Access Point, 54Mbps/108Mbps (802.11g):
>
> D-Link, the industry pioneer in wireless networking, introduces a performance breakthrough in wireless connectivity – D-Link AirPlus Xtreme G(TM) series of high-speed devices now capable of delivering transfer rates up to 15x faster than the standard 802.11b with the new D-Link 108G. With the new AirPlus Xtreme G DWL-2100AP Wireless Access Point, D-Link sets a new standard for wireless access points.
>
> D-Link DWL-2100ap is one of the most popular Access Point in the world.
>
> III - DESCRIPTION:
> ------------------
> Intruders Tiger Team Security identified during an intrusion project (Pen-Test) an unknown vulnerability in the Access Point D-Link DWL-2100ap, that allows an attacker to read device's configuration, without authentication with web server.
>
> Extremely sensible informations are available in the configuration of the Access Point D-Link DWL-2100ap, for example:
>
> - User and password used to manage the device.
> - Password used in WEP and WPA.
> - SSID, IP, subnet mask, MAC Address filters, etc.
>
> IV - ANALYSIS:
> ---------------
> Making a HTTP request to the /cgi-bin/ directory, the Web server will return error 404 (Page not found).
>
> Making a HTTP request to the /cgi-bin/AnyFile.htm, the Web server will return error 404 (Page not found).
>
> However, making a HTTP request to any file in /cgi-bin/ directory, with .cfg extension, will return all the device configuration.
>
> For example, making the following request:
>
> http://dlink-DWL-2100ap/cgi-bin/Intruders.cfg
>
> We would have a result equivalent to the following:
>
> # Copyright (c) 2002 Atheros Communications, Inc., All Rights Reserved
> # DO NOT EDIT -- This configuration file is automatically generated
> magic Ar52xxAP
> fwc: 34
> login admin
> DHCPServer
> Eth_Acl
> nameaddr
> domainsuffix
> IP_Addr 10.0.0.30
> IP_Mask 255.0.0.0
> Gateway_Addr 10.0.0.1
> RADIUSaddr
> RADIUSport 1812
> RADIUSsecret
> password IntrudersTest
> passphrase
> wlan1 passphrase AnewBadPassPhrase
> # Several lines removed.
>
> D-Link DWL-2100ap Access Point does not allow disable the Web server, not even has options to filter ports. We remember that the D-Link DWL-2100ap Access Point comes configured with default user/password (user:admin and no password).
>
> V. DETECTION:
> -------------
> Intruders Tiger Team Security confirmed the existence of this vulnerability in all firmwares tested, also the last version 2.10na. Possibly other(s) D-Link Access Point model(s) can be vulnerable also.
>
> VI. SUGGESTION:
> --------------
> D-Link company:
>
> 1 - Use strong cookies to guarantee that only authorized users will get access to configuration.
> 2 - Store sensible configurations like password(s) using hash(s).
> 3 - Allow create firewall politics and rules to filters port(s) and IP(s).
> 4 - Request to the user change the default user/password on the first logon, and not allow change the password to the last one used.
> 5 - Use HTTP with SSL (HTTPS).
> 6 - Contracts specialized companies in Pen-Test and security audit, aiming homologate the security of D-Link products.
>
> D-Link customers:
>
> 1 - Upgrade the firmware of D-Link DWL-2100ap Access Point.
>     Direct link to download is http://www.dlinkbrasil.com.br/internet/downloads/Wireless/DWL-2100AP/DWL2100AP-firmware-v210na-r0343.tfp
>
> VII - CHRONOLOGY:
> -----------------
> 11/02/2006 - Vulnerability discovered during a Pen-Test.
> 15/02/2006 - D-Link World Wide Team Contacted.
> 17/02/2006 - No response.
> 18/02/2006 - D-Link World Wide Team re-contacted.
> 24/02/2006 - No response.
> 25/02/2006 - D-Link World Wide Team last try of contact.
> 29/02/2006 - No response.
> 29/02/2006 - D-Link Brazil Team Contacted.
> 02/03/2006 - No response.
> 03/03/2006 - D-Link Brazil Team re-contacted.
> 06/03/2006 - D-Link Brazil Team responded.
> 09/03/2006 - Patch created.
> 14/03/2006 - Patch added to D-Link Brazil download site.
> 06/06/2006 - published advisory.
>
> VIII - CREDITS:
> ---------------
> Wendel Guglielmetti Henrique and Intruders Tiger Team Security had discovered this vulnerability.
>
> Gratefulness to Glaudson Ocampos (Intruders Tiger Team Security), Waldemar Nehgme, João Arquimedes (Security Open Source) and Ricardo N. Ferreira (Security Open Source).
>
> Visit our website:
>
> http://www.intruders.com.br/
> http://www.intruders.org.br/



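An added example, not part of either post or of the advisory: a log check a defender could run over access logs from a proxy or sensor placed in front of the access point's management interface, flagging the `/cgi-bin/*.cfg` requests the advisory describes and separating answered requests from 404 probes. The Common Log Format input, the sample lines, and the names `classify` and `scan` are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Any file name directly under /cgi-bin/ ending in .cfg, as in the advisory.
CFG_RE = re.compile(r'^/cgi-bin/[^/]+\.cfg$', re.IGNORECASE)


def classify(line):
    """Return None for unrelated or unparsable lines, else a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string and percent-decode before matching the path.
    path = unquote(urlsplit(m["target"]).path)
    if not CFG_RE.match(path):
        return None
    # 200 means the device answered with its configuration, so every
    # credential in it should be treated as exposed and rotated.
    # Any other status is recorded as a probe that was not answered.
    verdict = "config-disclosed" if int(m["status"]) == 200 else "probe"
    return {"src": m["src"], "time": m["ts"], "path": path, "verdict": verdict}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


# Constructed sample lines using documentation addresses, not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jun/2006:09:14:02 -0300] "GET /cgi-bin/ HTTP/1.0" 404 0',
    '192.0.2.10 - - [07/Jun/2006:09:14:05 -0300] "GET /cgi-bin/AnyFile.htm HTTP/1.0" 404 0',
    '192.0.2.10 - - [07/Jun/2006:09:14:09 -0300] "GET /cgi-bin/Intruders.cfg HTTP/1.0" 200 4312',
    '198.51.100.7 - - [07/Jun/2006:10:01:44 -0300] "GET /cgi-bin/x%2Ecfg?a=1 HTTP/1.1" 404 0',
    '198.51.100.7 - - [07/Jun/2006:10:02:00 -0300] "GET /index.html HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `config-disclosed` finding is the case that calls for rotating the management password, WEP/WPA keys and RADIUS secret listed in the advisory; a `probe` finding on a patched device is still worth correlating by source address.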

Re: [VulnWatch] Advisory - D-Link Access Point

by news-45

Hi Nicolae,

The firmware update is not available on the D-Link International page because they ignore our alerts.

The D-Link Brazilian Team says that the patch created works with all versions and languages of D-Link 2100AP.

The link to direct download is http://www.dlink.com.br/internet/downloads/Wireless/DWL-2100AP/DWL2100AP-firmware-v210na-r0343.tfp

You can manually download it by accessing the link www.dlinkbrasil.com.br/internet and clicking the "downloads" link, which is at the top right of the page.

Then click the "Wireless" folder, next click the "DWL-2100AP" folder and you will see the patch available (DWL2100AP-firmware-v210na-r0343.tfp).

If you are a D-Link International customer we recommend that you contact D-Link and ask for a patch. As more clients request security enforcement, D-Link and other vendors will see the need to deal with security problems.

Interesting note:

From: Niklas <maxxess@...>

This "flaw" also affects DWL-7100 (tested) and most likely DWL-7000 and possibly other ap:s. D-Link has no fw updates since 1.5 yrs back for the 7100/7000-series. Time to get one out now...

Regards


------------- Original Message -------------
Date: Wednesday, 7 June 2006 20:40
From: Nicolae Braham < nicolae@... >
To: news < news@... >, vulnwatch@...
Subject: Re: [VulnWatch] Advisory - D-Link Access Point
>

>Can anyone verify the solution listed is valid: I am suspicious of dlinkbrasil.com.br because I don't see it listed from dlink.com
>
>"
>1 - Upgrade the firmware of D-Link DWL-2100ap Access Point.
>Direct link to download is http://www.dlinkbrasil.com.br/internet/downloads/Wireless/DWL-2100AP/DWL2100AP-firmware-v210na-r0343.tfp
>"
>
>Nicolae Braham