Details of VAR-200112-0139

ID

VAR-200112-0139

CVE

CVE-2001-1221

TITLE

D-Link DWL-1000AP Wireless LAN Access Point 'public' Password Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2001-3259 // CNNVD: CNNVD-200112-131

DESCRIPTION

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. DLink DWL-1000AP is an 11Mbps wireless LAN access point product for home users. It supports WEP, MAC address control and user authentication. The product has a security issue that could cause remote attackers to obtain sensitive information. The device comes with a read-only SNMP communication word named 'public' by default. This communication word cannot be cancelled by setting, so a malicious attacker can use an SNMP client to browse to the sensitive information in the 'public' management system library. This community string is hard-coded into the product and cannot be changed with the configuration interface. This issue has been confirmed with the 3.2.28 #483 (Aug 23 2001) firmware. Other versions of the firmware may also be affected

Trust: 1.8

sources: NVD: CVE-2001-1221 // CNVD: CNVD-2001-3259 // BID: 3736 // VULHUB: VHN-4026

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2001-3259

AFFECTED PRODUCTS

vendor:	d link	model:	dwl-1000ap	scope:	eq	version:	3.2.28_483	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dwl-1000ap #483	scope:	eq	version:	3.2.28	Trust: 0.3

sources: CNVD: CNVD-2001-3259 // BID: 3736 // CNNVD: CNNVD-200112-131 // NVD: CVE-2001-1221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1221
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200112-131
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4026
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1221
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4026
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4026 // CNNVD: CNNVD-200112-131 // NVD: CVE-2001-1221

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-131

TYPE

Design Error

Trust: 0.9

sources: BID: 3736 // CNNVD: CNNVD-200112-131

EXTERNAL IDS

db:	NVD	id:	CVE-2001-1221	Trust: 2.6
db:	BID	id:	3736	Trust: 2.0
db:	CNVD	id:	CNVD-2001-3259	Trust: 0.6
db:	BUGTRAQ	id:	20011221 D-LINK DWL-1000AP CAN BE COMPROMISED BECAUSE OF SNMP CONFIGURATION	Trust: 0.6
db:	CNNVD	id:	CNNVD-200112-131	Trust: 0.6
db:	VULHUB	id:	VHN-4026	Trust: 0.1

sources: CNVD: CNVD-2001-3259 // VULHUB: VHN-4026 // BID: 3736 // CNNVD: CNNVD-200112-131 // NVD: CVE-2001-1221

REFERENCES

url:	http://www.securityfocus.com/bid/3736	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/246849	Trust: 1.7
url:	http://www.dlink.com/products/wireless/dwl1000ap/	Trust: 0.3

sources: VULHUB: VHN-4026 // BID: 3736 // CNNVD: CNNVD-200112-131 // NVD: CVE-2001-1221

CREDITS

Jonathan Strine※ jstrine@netpanel.com

Trust: 0.6

sources: CNNVD: CNNVD-200112-131

SOURCES

db:	CNVD	id:	CNVD-2001-3259
db:	VULHUB	id:	VHN-4026
db:	BID	id:	3736
db:	CNNVD	id:	CNNVD-200112-131
db:	NVD	id:	CVE-2001-1221

LAST UPDATE DATE

2025-04-03T22:25:21.991000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2001-3259	date:	2001-12-24T00:00:00
db:	VULHUB	id:	VHN-4026	date:	2008-09-05T00:00:00
db:	BID	id:	3736	date:	2009-07-11T09:06:00
db:	CNNVD	id:	CNNVD-200112-131	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1221	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2001-3259	date:	2001-12-21T00:00:00
db:	VULHUB	id:	VHN-4026	date:	2001-12-21T00:00:00
db:	BID	id:	3736	date:	2001-12-21T00:00:00
db:	CNNVD	id:	CNNVD-200112-131	date:	2001-12-21T00:00:00
db:	NVD	id:	CVE-2001-1221	date:	2001-12-21T05:00:00