Search criteria
1 vulnerability found for dwl-900ap\+ by dlink
VAR-200212-0510
Vulnerability from variot - Updated: 2024-02-15 23:01D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP + is a WiFi / 802.11b wireless access point system developed by D-Link.
DWL-900AP + contains an undisclosed TFTP service program.
-WEP encryption key.
-Network configuration data (address, SSID, etc.).
This data exists in clear text, and through this data, an attacker may be able to control the entire device.
In addition, you can obtain other configuration files by accessing the request TFTP server:
-eeprom.dat
-mac.dat
-wtune.dat
-rom.img
-normal.img. This could lead to the disclosure of sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.1"
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.1"
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.2"
},
{
"model": "dwl-900ap+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.2"
},
{
"model": "dwl-900ap+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.1"
},
{
"model": "dwl-900ap+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dwl-900ap\\+_firmware:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dlink:dwl-900ap\\+_firmware:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dwl-900ap\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovery credited to \u003csecurity@rionero.com\u003e.",
"sources": [
{
"db": "BID",
"id": "6015"
}
],
"trust": 0.3
},
"cve": "CVE-2002-1810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-717",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6193",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP + is a WiFi / 802.11b wireless access point system developed by D-Link. \n\n\u00a0DWL-900AP + contains an undisclosed TFTP service program. \n\n\u00a0-WEP encryption key. \n\n\u00a0-Network configuration data (address, SSID, etc.). \n\n\u00a0This data exists in clear text, and through this data, an attacker may be able to control the entire device. \n\n\u00a0In addition, you can obtain other configuration files by accessing the request TFTP server:\n\n\u00a0-eeprom.dat\n\n\u00a0-mac.dat\n\n\u00a0-wtune.dat\n\n\u00a0-rom.img\n\n\u00a0-normal.img. This could lead to the disclosure of sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
},
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "VULHUB",
"id": "VHN-6193"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1810",
"trust": 2.3
},
{
"db": "BID",
"id": "6015",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-3891",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3707",
"trust": 0.6
},
{
"db": "XF",
"id": "10424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6193",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"id": "VAR-200212-0510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
}
]
},
"last_update_date": "2024-02-15T23:01:07.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6015"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10424.php"
},
{
"trust": 1.1,
"url": "http://online.securityfocus.com/archive/1/296374"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3707"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/digitalhome/wireless/11b+/dwl900ap+/"
},
{
"trust": 0.3,
"url": "http://support.dlink.com/products/view.asp?productid=dwl-900ap+"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6193"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6015"
},
{
"date": "2002-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6193"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6015"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"date": "2024-02-14T17:25:43.527000",
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-900AP + TFTP Server Arbitrary File Acquisition Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
}
],
"trust": 0.6
}
}