[MLB-WIRELESS] Dlink 900+ firmware v2.3

Tyson Clugg tyson at wireless.org.au
Thu Nov 7 17:31:36 EST 2002


> > ftp://ftp.dlink.com/Wireless/DWL900AP+/Firmware/dwl900AP+_firmware_230.exe
> >
> > Not sure if it fixes the recent security flaw, but it's firmware dated 29
> > Sept 2002.
> > Tested it on mine.... looks good so far...
>
> Firstly - what security flaw? :) I purchased one of these units yesterday.

Sending a broadcast packet to UDP port 27155 containing the string
"gstsearch" causes the access point to return WEP keys, MAC filter and
admin password. This happens on the WLAN side and on the LAN side.

Systems Affected
----------------
        Vulnerable, tested, OEM Version from GlobalSunTech:
                WISECOM GL2422AP-0T

        Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
===>            D-Link DWL-900AP+ B1 version 2.1 and 2.2
                ALLOY GL-2422AP-S
                EUSSO GL2422-AP
                LINKSYS WAP11-V2.2
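
Added example (not part of the original message or any vendor code): a detector that parses raw IPv4 packets and reports which sources send the "gstsearch" string to UDP port 27155. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

GST_PORT = 27155          # UDP port named in the message above
GST_MAGIC = b"gstsearch"  # probe string named in the message above

def parse_ipv4_udp(packet):
    """Return (src, dst, sport, dport, payload), or None if not parseable IPv4/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Non-first fragments carry no UDP header, so they cannot be classified here.
    if ihl < 20 or frag_offset or len(packet) < ihl + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if ulen < 8:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, sport, dport, packet[ihl + 8:ihl + ulen]

def find_gstsearch_probes(packets):
    """Return (src, dst) for each packet sent to GST_PORT carrying the probe string."""
    hits = []
    for pkt in packets:
        parsed = parse_ipv4_udp(pkt)
        if parsed and parsed[3] == GST_PORT and GST_MAGIC in parsed[4]:
            hits.append((parsed[0], parsed[1]))
    return hits

def sample_packet(src, dst, sport, dport, payload, proto=17):
    """Constructed test data only: minimal IPv4 header (checksums left zero) plus UDP."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

SAMPLES = [  # constructed packets, private addresses chosen for illustration
    sample_packet("192.168.0.23", "255.255.255.255", 40000, 27155, b"gstsearch"),
    sample_packet("192.168.0.23", "192.168.0.1", 40001, 53, b"gstsearch"),   # other port
    sample_packet("192.168.0.40", "192.168.0.255", 40002, 27155, b"hello"),  # other payload
    sample_packet("192.168.0.77", "192.168.0.255", 40003, 27155, b"gstsearch", proto=6),
]

if __name__ == "__main__":
    for src, dst in find_gstsearch_probes(SAMPLES):
        print(f"gstsearch probe: {src} -> {dst}:{GST_PORT}")
```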

