| VID |
29089 |
| Severity |
40 |
| Port |
80 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The target Edimax Access Point contains a default backdoor account.
Edimax 7205APL Wireless Access Point running firmware version 2.40a-00 ships with a default account ('guest'/'1234') which is hard coded and cannot be removed. This account can be used to log into the device and create a backup of the configuration. This configuration (config.bin) contains all users and their corresponding passwords, allowing an attacker to then log into the device as administrator. The reported vulnerable device had firmware revision 2.40a-00. Other revisions may also contain similar backdoor accounts.
* References:
http://www.securityfocus.com/archive/1/365685
http://www.securitytracker.com/alerts/2004/Jun/1010467.html
* Platforms Affected:
Edimax 7205APL Wireless Access Point 2.40a-00
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of June 2004.
As a workaround, you can use the following steps to change the default guest account username and password:
1. Make a backup of the configuration (config.bin)
2. Edit config.bin file with a hex editor.
3. Change the string guest to a new private user name (considering the long of the string, 5 chars)
4. Change the string 1234 to a new private password for the new account name (considering the long of the string, 4 chars)
5. Save the new config.bin.
6. Restore the new config.bin to the wireless router. |
| Related URL |
(CVE) |
| Related URL |
10512 (SecurityFocus) |
| Related URL |
16391 (ISS) |
|
