Details of VAR-201006-0500

ID

VAR-201006-0500

TITLE

D-Link DAP-1160 Wireless Access Point DCC Protocol Security Bypass Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2010-1193 // BID: 41187

DESCRIPTION

D-Link DAP-1160 is a dual network port 802.11g 54M wireless bridge, wireless relay, wireless AP. The DCCD is a UDP daemon that listens on the UDP 2003 port of the device. The device can be easily configured through the DCC protocol. Sending the correct formatted UDP data frame, the DCCD daemon will not need to verify the execution of the relevant security operations. Sensitive wireless configuration parameters such as WI-FI SSID, encryption type, key and password fields can be obtained remotely. It is also possible to modify device parameters and configurations, or reboot without having to obtain a WEB administrative password. The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions, access certain administrative functions, alter configuration, or trigger a denial-of-service condition. D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable

Trust: 0.81

sources: CNVD: CNVD-2010-1193 // BID: 41187

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1193

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dap-1160 1.31b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.30b10	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.20b06	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2010-1193 // BID: 41187

THREAT TYPE

network

Trust: 0.3

sources: BID: 41187

TYPE

Design Error

Trust: 0.3

sources: BID: 41187

EXTERNAL IDS

db:	BID	id:	41187	Trust: 0.9
db:	CNVD	id:	CNVD-2010-1193	Trust: 0.6

sources: CNVD: CNVD-2010-1193 // BID: 41187

REFERENCES

url:	http://www.securityfocus.com/archive/1/512053	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	/archive/1/512053	Trust: 0.3

sources: CNVD: CNVD-2010-1193 // BID: 41187

CREDITS

Cristofaro Mune

Trust: 0.3

sources: BID: 41187

SOURCES

db:	CNVD	id:	CNVD-2010-1193
db:	BID	id:	41187

LAST UPDATE DATE

2022-05-17T01:58:05.137000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1193	date:	2010-06-28T00:00:00
db:	BID	id:	41187	date:	2010-06-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1193	date:	2010-06-28T00:00:00
db:	BID	id:	41187	date:	2010-06-28T00:00:00