D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
References
Link | Resource |
---|---|
http://online.securityfocus.com/archive/1/296374 | Broken Link Third Party Advisory VDB Entry |
http://www.iss.net/security_center/static/10424.php | Broken Link |
http://www.securityfocus.com/bid/6015 | Broken Link Third Party Advisory VDB Entry |
http://online.securityfocus.com/archive/1/296374 | Broken Link Third Party Advisory VDB Entry |
http://www.iss.net/security_center/static/10424.php | Broken Link |
http://www.securityfocus.com/bid/6015 | Broken Link Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
20 Nov 2024, 23:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://online.securityfocus.com/archive/1/296374 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.iss.net/security_center/static/10424.php - Broken Link | |
References | () http://www.securityfocus.com/bid/6015 - Broken Link, Third Party Advisory, VDB Entry |
14 Feb 2024, 17:25
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.5 |
CWE | CWE-306 | |
First Time |
Dlink
Dlink dwl-900ap\+ Dlink dwl-900ap\+ Firmware |
|
CPE | cpe:2.3:h:d-link:dwl-900ap\+:2.1:*:*:*:*:*:*:* |
cpe:2.3:h:dlink:dwl-900ap\+:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.2:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.1:*:*:*:*:*:*:* |
References | (BID) http://www.securityfocus.com/bid/6015 - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) http://www.iss.net/security_center/static/10424.php - Broken Link | |
References | (BUGTRAQ) http://online.securityfocus.com/archive/1/296374 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2002-12-31 05:00
Updated : 2024-11-20 23:42
NVD link : CVE-2002-1810
Mitre link : CVE-2002-1810
CVE.ORG link : CVE-2002-1810
JSON object : View
Products Affected
dlink
- dwl-900ap\+
- dwl-900ap\+_firmware
CWE
CWE-306
Missing Authentication for Critical Function