Details of VAR-200211-0077

ID

VAR-200211-0077

TITLE

Multi-vendor wireless access point remote information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3979

DESCRIPTION

GlobalSunTech develops a variety of OEM wireless access point devices such as Linksys, D-Link, and other products. A variety of wireless access point devices developed by GlobalSunTech have incorrectly processed some broadcast requests. Remote attackers can use this vulnerability to obtain sensitive information contained in the device, including administrator passwords. An attacker can send a broadcast packet containing the "gstsearch" string to the UDP port 27155 of the wireless access point device, which can cause the device to return sensitive information including WEB keys, MAC filtering, and administrator passwords. Attackers can use this information to further attack and control the device.

Trust: 0.6

sources: CNVD: CNVD-2002-3979

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2002-3979

AFFECTED PRODUCTS

vendor:

none

model:

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2002-3979

EXTERNAL IDS

db:

CNVD

id:

CNVD-2002-3979

Trust: 0.6

sources: CNVD: CNVD-2002-3979

SOURCES

db:

CNVD

id:

CNVD-2002-3979

LAST UPDATE DATE

2022-05-04T09:49:31.936000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2002-3979

date:

2002-11-06T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2002-3979

date:

2002-11-03T00:00:00