edimaxBackdoor.txt

2004-06-14T00:00:00
ID PACKETSTORM:33535
Type packetstorm
Reporter msl
Modified 2004-06-14T00:00:00

Description

                                        
                                            `  
  
Vendor: Edimax  
Type: 7205APL  
Firmware: 2.40a-00  
Kind of bug: Security  
Description: Normally a user called addmin, has to create a password on the Accesspoint.  
When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file.  
Opening the file in Notepad gave the next result:  
  
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 71331234,À¨ÿÿÿ default.domainÀ¨À¨dÀ¨Èadmin XXXXX guest   
1234 WirelessXXXXXX, À¨ÿyy À¨À¨À¨dÀ¨domain©üUoù Lg C´ ©üUoù  
Lg C´é  
  
You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234.  
When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin.   
It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem.  
`