
edimaxBackdoor.txt

14 Jun 2004 00:00:00 | Reported by msl | Type: packetstorm | Source: packetstormsecurity.com

Edimax access point vulnerability exposes the admin and guest passwords in plaintext in the settings backup file (config.bin).

Code
`  
  
Vendor: Edimax  
Type: 7205APL  
Firmware: 2.40a-00  
Kind of bug: Security  
Description: Normally a user called admin has to create a password on the access point.  
When you create a backup of the settings of your access point, the result is a config.bin file.  
Opening the file in Notepad gave the following result:  
  
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 71331234,À¨ÿÿÿ default.domainÀ¨À¨dÀ¨Èadmin XXXXX guest   
1234 WirelessXXXXXX, À¨ÿyy À¨À¨À¨dÀ¨domain©üUoù Lg C´ ©üUoù  
Lg C´é  
  
You can see the password of the admin, XXXXX (for security reasons, I have changed the original one to XXXXX), and the password of a user called guest, 1234.  
When you log in to the access point with guest and 1234, you can make a backup with the same content as the admin's backup above.  
It is not possible to remove the user, because it is inside the firmware, so only new firmware can solve this security problem.  
`
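
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it scans a settings backup for passwords you already know and reports the offsets where they are stored unencoded. The sample bytes, the password `Adm1n-Example` and all function names are constructed for illustration; the real config.bin layout is not documented on this page.

```python
import math
import re
import sys
from collections import Counter

def printable_runs(data: bytes, min_len: int = 4):
    """Return [(offset, text)] for printable-ASCII runs, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, data)]

def find_cleartext_secrets(data: bytes, secrets: dict) -> dict:
    """Return {label: [offsets]} for each known secret stored unencoded."""
    hits = {}
    for label, secret in secrets.items():
        offsets = []
        for encoding in ("utf-8", "utf-16-le"):  # the two usual raw encodings
            needle = re.escape(secret.encode(encoding))
            offsets += [m.start() for m in re.finditer(needle, data)]
        if offsets:
            hits[label] = sorted(set(offsets))
    return hits

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; an encrypted or compressed backup sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

# Constructed sample: padding, a domain name, raw address bytes, then the
# account names and passwords separated by NULs. Not a real device dump.
SAMPLE_BACKUP = (
    b"\xff" * 20 + b"\x00default.domain\x00\xc0\xa8\x02\x01"
    b"admin\x00Adm1n-Example\x00guest\x001234\x00Wireless\x00\xc0\xa8\x02\x64"
)
# Replace with the passwords you set on your own device before auditing it.
SAMPLE_SECRETS = {"admin": "Adm1n-Example", "guest": "1234"}

if __name__ == "__main__":
    # Usage: python audit_backup.py config.bin  (no argument: constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BACKUP
    print(f"entropy: {shannon_entropy(data):.2f} bits/byte")
    for offset, text in printable_runs(data):
        print(f"  0x{offset:04x}  {text!r}")
    for label, offsets in find_cleartext_secrets(data, SAMPLE_SECRETS).items():
        print(f"FAIL: {label} password in cleartext at {[hex(o) for o in offsets]}")
```

A backup that passes this check shows no hits for the known passwords and an entropy close to 8 bits per byte; any hit means the backup file has to be handled as a credential store.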
