Details of VAR-201006-0507

ID

VAR-201006-0507

TITLE

D-Link DAP-1160 Wireless AP Web Management Interface Bypasses Authentication Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-5591

DESCRIPTION

The D-Link DAP-1160 is a small wireless AP. The user must provide the correct login credentials before accessing the device's web management interface, but if the device's web server is restarted for a short time (about 40 seconds), the following URL address is accessed: http://IP_ADDR/tools_firmw .htm allows you to access the device's web interface without authentication and then perform various administrative operations such as reconfiguration, obtaining sensitive information, modifying Wi-Fi SSIDs, and pass phrases. The attacker does not have to wait for the device to reboot, and can remotely reboot the device through the DCC protocol. The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions, access certain administrative functions, alter configuration, or trigger a denial-of-service condition. D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable

Trust: 0.81

sources: CNVD: CNVD-2010-5591 // BID: 41222

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-5591

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dap-1160 1.31b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.30b10	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.20b06	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2010-5591 // BID: 41222

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2010-5591
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2010-5591
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2010-5591

THREAT TYPE

network

Trust: 0.3

sources: BID: 41222

TYPE

Design Error

Trust: 0.3

sources: BID: 41222

EXTERNAL IDS

db:	BID	id:	41222	Trust: 0.9
db:	CNVD	id:	CNVD-2010-5591	Trust: 0.6

sources: CNVD: CNVD-2010-5591 // BID: 41222

REFERENCES

url:	http://marc.info/?l=bugtraq&m=127783530124890&w=2	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	/archive/1/512076	Trust: 0.3

sources: CNVD: CNVD-2010-5591 // BID: 41222

CREDITS

Cristofaro Mune

Trust: 0.3

sources: BID: 41222

SOURCES

db:	CNVD	id:	CNVD-2010-5591
db:	BID	id:	41222

LAST UPDATE DATE

2022-05-17T02:09:17.708000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-5591	date:	2014-01-27T00:00:00
db:	BID	id:	41222	date:	2010-06-29T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-5591	date:	2010-06-29T00:00:00
db:	BID	id:	41222	date:	2010-06-29T00:00:00