D-Link DAP-1160 Authentication Bypass

Date: 30 Jun 2010 | Reported by: Cristofaro Mune | Type: packetstorm | Source: packetstormsecurity.com

D-Link DAP-1160 Authentication Bypass on Firmware 1.20b06, 1.30b10, 1.31b0

Code
`Security Advisory  
  
IS-2010-005 - D-Link DAP-1160 Authentication Bypass  
  
  
  
Advisory Information  
--------------------  
Published:  
2010-06-29  
  
Updated:  
2010-06-29  
  
Manufacturer: D-Link  
Model: DAP-1160  
Firmware version: 1.20b06  
1.30b10  
1.31b01  
  
  
  
Vulnerability Details  
---------------------  
  
Public References:  
Not Assigned  
  
  
Platform:  
Successfully tested on D-Link DAP-1160 loaded with firmware versions:  
v120b06, v130b10, v131b01.  
Other models and/or firmware versions may also be affected.  
Note: Only firmware version major numbers are displayed on the  
administration web interface: 1.20, 1.30, 1.31  
  
  
Background Information:  
D-Link DAP-1160 is a wireless access point that allows wireless clients  
connectivity to wired networks.  
Supports 802.11b and 802.11g protocols. WEP, WPA and WPA2 supported.  
  
  
Summary:  
Administration interface authentication can be bypassed by accessing a  
specific URL shortly after device reboot.  
  
  
Details:  
Accessing the device web administration interface requires successful  
authentication with proper login credentials.  
However, if the following URL:  
  
http://IP_ADDR/tools_firmw.htm  
  
is accessed as the first URL and within a short time (~40 seconds) after  
the device web server has started, then no authentication is required to  
access the device web interface.  
The device can then be freely reconfigured and sensitive information can  
be extracted and/or modified, such as Wi-Fi SSID and passphrases.  
A remote attacker may be able to achieve deterministic authentication  
bypass, without waiting for the device to be rebooted, by remotely  
rebooting the device via the DCC protocol.  
This can be performed in an unauthenticated manner, as described in the  
advisory "IS-2010-004 - D-Link DAP-1160 Unauthenticated Remote  
Configuration".  
  
  
Impacts:  
Remote extraction of sensitive information  
Modification of existing device configuration  
  
  
Solutions & Workaround:  
Not available  
  
  
  
Additional Information  
----------------------  
Timeline (dd/mm/yy):  
17/02/2010: Vulnerability discovered  
17/02/2010: No suitable technical/security contact on Global/Regional  
website. No contact available on OSVDB website  
18/02/2010: Point of contact requested to customer service  
----------- No response -----------  
26/05/2010: Vulnerability disclosed at CONFidence 2010  
29/06/2010: This advisory  
  
  
Additional information available at http://www.icysilence.org  
`
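
A detection sketch for the condition described in the advisory, added here as an example (it is not part of the original advisory or of any D-Link tooling): it correlates the time a device's web server came up with requests for `/tools_firmw.htm` seen inside the ~40-second window. The event format, the `WEB_UP`/`HTTP` record kinds, the function names and all addresses are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WINDOW = timedelta(seconds=40)      # "~40 seconds" from the advisory
TARGET_PATH = "/tools_firmw.htm"    # URL named in the advisory

# Constructed sample events (hypothetical format, documentation addresses):
#   <ISO time> <device> WEB_UP                monitoring saw the web server start
#   <ISO time> <device> HTTP <client> <url>   sensor saw a request to the device
SAMPLE = """\
2010-06-29T10:00:00 192.0.2.10 WEB_UP
2010-06-29T10:00:12 192.0.2.10 HTTP 198.51.100.7 /tools_firmw.htm
2010-06-29T10:05:00 192.0.2.10 HTTP 192.0.2.50 /tools_firmw.htm
2010-06-29T11:00:00 192.0.2.11 WEB_UP
2010-06-29T11:00:05 192.0.2.11 HTTP 192.0.2.50 /index.htm
2010-06-29T11:00:20 192.0.2.11 HTTP 198.51.100.7 /tools_firmw.htm
2010-06-29T12:00:00 192.0.2.12 WEB_UP
2010-06-29T12:00:39 192.0.2.12 HTTP 198.51.100.9 /tools_firmw.htm?x=1
"""

def parse(line):
    ts, device, kind, *detail = line.split()
    return datetime.fromisoformat(ts), device, kind, detail

def find_post_boot_hits(log_text):
    """Alert on TARGET_PATH requests made within WINDOW of web-server start."""
    web_up, seen_http, alerts = {}, {}, []
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    for ts, device, kind, detail in events:
        if kind == "WEB_UP":
            web_up[device], seen_http[device] = ts, 0
        elif kind == "HTTP" and device in web_up:
            client, url = detail
            first = seen_http[device] == 0   # advisory: must be the first URL
            seen_http[device] += 1
            delay = ts - web_up[device]
            if urlsplit(url).path == TARGET_PATH and delay <= WINDOW:
                alerts.append({"device": device, "client": client,
                               "delay_s": int(delay.total_seconds()),
                               "first_request": first})
    return alerts

if __name__ == "__main__":
    for alert in find_post_boot_hits(SAMPLE):
        print(alert)
```

Alerts with `first_request` set to true match the condition the advisory states; the others fall inside the window but followed an earlier request to the device.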
