Details of VAR-200112-0138

ID

VAR-200112-0138

CVE

CVE-2001-1220

TITLE

D-Link DWL-1000AP WLAN Access Point Plain Text Password Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2001-3262

DESCRIPTION

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. DLink DWL-1000AP is an 11Mbps wireless LAN access point product for home users. It supports WEP, MAC address control and user authentication. The product has a security issue that could cause a remote attacker to hijack the access point. This is because the administrator password is stored in plain text in the default 'public' management system library (OID 1.3.6.1.4.1.937.2.1.2.2.0). An attacker who has access to this management system library may pass the SNMP client Obtain the password, then access the wireless network, modify the configuration, or launch a denial of service attack. Any attacker within range, using a SNMP client, can reveal the administrative password by browsing the "public" MIB. This issue has been confirmed with the 3.2.28 #483 (Aug 23 2001) firmware. Other versions of the firmware may also be affected

Trust: 1.8

sources: NVD: CVE-2001-1220 // CNVD: CNVD-2001-3262 // BID: 3735 // VULHUB: VHN-4025

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2001-3262

AFFECTED PRODUCTS

vendor:	d link	model:	dwl-1000ap	scope:	eq	version:	3.2.28_483	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dwl-1000ap #483	scope:	eq	version:	3.2.28	Trust: 0.3

sources: CNVD: CNVD-2001-3262 // BID: 3735 // CNNVD: CNNVD-200112-132 // NVD: CVE-2001-1220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1220
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200112-132
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-4025
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1220
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4025
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4025 // CNNVD: CNNVD-200112-132 // NVD: CVE-2001-1220

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-132

TYPE

Design Error

Trust: 0.9

sources: BID: 3735 // CNNVD: CNNVD-200112-132

EXTERNAL IDS

db:	NVD	id:	CVE-2001-1220	Trust: 2.6
db:	BID	id:	3735	Trust: 2.0
db:	CNNVD	id:	CNNVD-200112-132	Trust: 0.7
db:	CNVD	id:	CNVD-2001-3262	Trust: 0.6
db:	XF	id:	7733	Trust: 0.6
db:	BUGTRAQ	id:	20011221 D-LINK DWL-1000AP CAN BE COMPROMISED BECAUSE OF SNMP CONFIGURATION	Trust: 0.6
db:	VULHUB	id:	VHN-4025	Trust: 0.1

sources: CNVD: CNVD-2001-3262 // VULHUB: VHN-4025 // BID: 3735 // CNNVD: CNNVD-200112-132 // NVD: CVE-2001-1220

REFERENCES

url:	http://www.securityfocus.com/bid/3735	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/246849	Trust: 1.7
url:	http://www.iss.net/security_center/static/7733.php	Trust: 1.7
url:	http://www.dlink.com/products/wireless/dwl1000ap/	Trust: 0.3

sources: VULHUB: VHN-4025 // BID: 3735 // CNNVD: CNNVD-200112-132 // NVD: CVE-2001-1220

CREDITS

Jonathan Strine※ jstrine@netpanel.com

Trust: 0.6

sources: CNNVD: CNNVD-200112-132

SOURCES

db:	CNVD	id:	CNVD-2001-3262
db:	VULHUB	id:	VHN-4025
db:	BID	id:	3735
db:	CNNVD	id:	CNNVD-200112-132
db:	NVD	id:	CVE-2001-1220

LAST UPDATE DATE

2025-04-03T22:25:22.020000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2001-3262	date:	2001-12-24T00:00:00
db:	VULHUB	id:	VHN-4025	date:	2008-09-05T00:00:00
db:	BID	id:	3735	date:	2009-07-11T09:06:00
db:	CNNVD	id:	CNNVD-200112-132	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1220	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2001-3262	date:	2001-12-21T00:00:00
db:	VULHUB	id:	VHN-4025	date:	2001-12-21T00:00:00
db:	BID	id:	3735	date:	2001-12-21T00:00:00
db:	CNNVD	id:	CNNVD-200112-132	date:	2001-12-21T00:00:00
db:	NVD	id:	CVE-2001-1220	date:	2001-12-21T05:00:00