ID

VAR-200606-0465


CVE

CVE-2006-2901


TITLE

D-Link DWL-2100AP Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2006-4315 // BID: 18299

DESCRIPTION

The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.

D-Link DWL-2100ap is a popular wireless access point.
Harm: Remote attackers can use the vulnerability to obtain sensitive information.
Conditions required for attack: An attacker must be able to access the D-Link DWL-2100AP.
Vulnerability information: D-Link DWL-2100AP is a wireless router device.
Test method: http://dlink-DWL-2100ap/cgi-bin/Intruders.cfg
Vendor solutions: the following third-party patches can be used: http://www.dlinkbrasil.com.br/internet/downloads/Wireless/DWL-2100AP/DWL2100AP-firmware-v210na-r0343.tfp.

D-Link DWL-2100AP devices are susceptible to a remote information-disclosure vulnerability. The devices fail to properly secure configuration information. This may aid attackers in further attacks.

TITLE: D-Link DWL-2100AP Exposure of Configuration Files
SECUNIA ADVISORY ID: SA20474
VERIFY ADVISORY: http://secunia.com/advisories/20474/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE: From local network
OPERATING SYSTEM: D-Link DWL-2100AP http://secunia.com/product/4116/
DESCRIPTION: A security issue has been reported in D-Link DWL-2100AP, which can be exploited by malicious people to disclose sensitive information. The problem is caused due to configuration files being stored insecurely inside the "cgi-bin" directory.
Example: http://[host]/cgi-bin/[file].cfg
The security issue has been reported in firmware version 2.10na. Other versions may also be affected.
SOLUTION: Filter traffic to the web interface of an affected device.
PROVIDED AND/OR DISCOVERED BY: Wendel Guglielmetti Henrique and Intruders Tiger Team Security.
ORIGINAL ADVISORY: http://www.intruders.org.br/adv0206en.html

Trust: 2.43

sources: NVD: CVE-2006-2901 // CNVD: CNVD-2006-4315 // CNVD: CNVD-2006-4300 // BID: 18299 // VULHUB: VHN-19009 // PACKETSTORM: 47096

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2006-4315 // CNVD: CNVD-2006-4300

AFFECTED PRODUCTS

vendor: none, model: -, scope: -, version: -

Trust: 1.2

vendor: d link, model: dwl-2100ap, scope: lte, version: 2.10na

Trust: 1.0

vendor: d link, model: dwl-2100ap, scope: eq, version: 2.10na

Trust: 0.6

vendor: d link, model: dwl-2100ap, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2006-4315 // CNVD: CNVD-2006-4300 // BID: 18299 // CNNVD: CNNVD-200606-185 // NVD: CVE-2006-2901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2901
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200606-185
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19009
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-2901
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-19009
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19009 // CNNVD: CNNVD-200606-185 // NVD: CVE-2006-2901

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2901

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-185

TYPE

Design Error

Trust: 0.9

sources: BID: 18299 // CNNVD: CNNVD-200606-185

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-19009

EXTERNAL IDS

db: BID, id: 18299

Trust: 2.6

db: SECUNIA, id: 20474

Trust: 2.4

db: NVD, id: CVE-2006-2901

Trust: 2.3

db: SECTRACK, id: 1016234

Trust: 2.3

db: VUPEN, id: ADV-2006-2186

Trust: 1.7

db: SREASON, id: 1064

Trust: 1.7

db: XF, id: 26973

Trust: 1.2

db: CNNVD, id: CNNVD-200606-185

Trust: 0.7

db: CNVD, id: CNVD-2006-4315

Trust: 0.6

db: CNCAN, id: CNCAN-2006060706

Trust: 0.6

db: CNVD, id: CNVD-2006-4300

Trust: 0.6

db: BUGTRAQ, id: 20080301 THE ROUTER HACKING CHALLENGE IS OVER!

Trust: 0.6

db: BUGTRAQ, id: 20060607 ADVISORY - D-LINK WIRELESS ACCESS-POINT

Trust: 0.6

db: SEEBUG, id: SSVID-63625

Trust: 0.1

db: EXPLOIT-DB, id: 1889

Trust: 0.1

db: VULHUB, id: VHN-19009

Trust: 0.1

db: PACKETSTORM, id: 47096

Trust: 0.1

sources: CNVD: CNVD-2006-4315 // CNVD: CNVD-2006-4300 // VULHUB: VHN-19009 // BID: 18299 // PACKETSTORM: 47096 // CNNVD: CNNVD-200606-185 // NVD: CVE-2006-2901

REFERENCES

url:http://www.intruders.com.br/adv0206en.html

Trust: 2.6

url:http://secunia.com/advisories/20474

Trust: 2.3

url:http://securitytracker.com/id?1016234

Trust: 2.3

url:http://www.securityfocus.com/bid/18299

Trust: 2.3

url:http://www.intruders.org.br/adv0206en.html

Trust: 1.8

url:http://www.gnucitizen.org/projects/router-hacking-challenge/

Trust: 1.7

url:http://securityreason.com/securityalert/1064

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2006/2186

Trust: 1.2

url:http://www.securityfocus.com/archive/1/archive/1/436281/100/0/threaded

Trust: 1.2

url:http://xforce.iss.net/xforce/xfdb/26973

Trust: 1.2

url:http://www.securityfocus.com/archive/1/436281/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/489009/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/2186

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26973

Trust: 1.1

url:http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded

Trust: 0.6

url:http://www.dlink.com/products/?pid=292

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4116/

Trust: 0.1

url:http://secunia.com/advisories/20474/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://[host]/cgi-bin/[file].cfg

Trust: 0.1

sources: CNVD: CNVD-2006-4300 // VULHUB: VHN-19009 // BID: 18299 // PACKETSTORM: 47096 // CNNVD: CNNVD-200606-185 // NVD: CVE-2006-2901

CREDITS

Wendel Guglielmetti Henrique Intruders Tiger Team Security http://www.intruders.com.br/

Trust: 0.6

sources: CNNVD: CNNVD-200606-185

SOURCES

db: CNVD, id: CNVD-2006-4315
db: CNVD, id: CNVD-2006-4300
db: VULHUB, id: VHN-19009
db: BID, id: 18299
db: PACKETSTORM, id: 47096
db: CNNVD, id: CNNVD-200606-185
db: NVD, id: CVE-2006-2901

LAST UPDATE DATE

2025-04-03T20:55:57.628000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2006-4315, date: 2006-06-06T00:00:00
db: CNVD, id: CNVD-2006-4300, date: 2006-06-06T00:00:00
db: VULHUB, id: VHN-19009, date: 2018-10-18T00:00:00
db: BID, id: 18299, date: 2006-06-06T20:27:00
db: CNNVD, id: CNNVD-200606-185, date: 2006-06-08T00:00:00
db: NVD, id: CVE-2006-2901, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2006-4315, date: 2006-06-06T00:00:00
db: CNVD, id: CNVD-2006-4300, date: 2006-06-06T00:00:00
db: VULHUB, id: VHN-19009, date: 2006-06-07T00:00:00
db: BID, id: 18299, date: 2006-06-06T00:00:00
db: PACKETSTORM, id: 47096, date: 2006-06-10T05:36:59
db: CNNVD, id: CNNVD-200606-185, date: 2006-06-07T00:00:00
db: NVD, id: CVE-2006-2901, date: 2006-06-07T21:06:00