WAP Backdoor
Posted: Fri Jan 31, 2003 7:58 am
I stumbled across this on the Wardriving.Com blog. It's a couple of months old, but still (IMHO) newsworthy.
It seems that the OEM SW developer put a backdoor in their software. By sending the word "gstsearch" to a particular port, the WAP will reply with the WEP keys, MAC filter settings, and admin password! It gets worse: this works from either the LAN or WAN interface! This definitely falls into the "WTF were they thinking?" category. Or did someone forget to #define before production release?
Nothing to worry about, unless your vendor bought this software. Anyone want to test the Linksys WAP11-V2.2?
http://archives.neohapsis.com/archives/bugtraq/2002-11/0008.html