VAR-200112-0138
Vulnerability from variot - Updated: 2025-04-03 22:25D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. DLink DWL-1000AP is an 11Mbps wireless LAN access point product for home users. It supports WEP, MAC address control and user authentication.
The product has a security issue that could cause a remote attacker to hijack the access point.
This is because the administrator password is stored in plain text in the default 'public' management system library (OID 1.3.6.1.4.1.937.2.1.2.2.0). An attacker who has access to this management system library may pass the SNMP client Obtain the password, then access the wireless network, modify the configuration, or launch a denial of service attack. Any attacker within range, using a SNMP client, can reveal the administrative password by browsing the "public" MIB. This issue has been confirmed with the 3.2.28 #483 (Aug 23 2001) firmware. Other versions of the firmware may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-1000ap",
"scope": "eq",
"trust": 1.6,
"vendor": "d link",
"version": "3.2.28_483"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dwl-1000ap #483",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "3.2.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"db": "BID",
"id": "3735"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Strine\u203b jstrine@netpanel.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
}
],
"trust": 0.6
},
"cve": "CVE-2001-1220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1220",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-4025",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1220",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-132",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-4025",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4025"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. DLink DWL-1000AP is an 11Mbps wireless LAN access point product for home users. It supports WEP, MAC address control and user authentication. \n\n\u00a0The product has a security issue that could cause a remote attacker to hijack the access point. \n\n\u00a0This is because the administrator password is stored in plain text in the default \u0027public\u0027 management system library (OID 1.3.6.1.4.1.937.2.1.2.2.0). An attacker who has access to this management system library may pass the SNMP client Obtain the password, then access the wireless network, modify the configuration, or launch a denial of service attack. Any attacker within range, using a SNMP client, can reveal the administrative password by browsing the \"public\" MIB. \nThis issue has been confirmed with the 3.2.28 #483 (Aug 23\n2001) firmware. Other versions of the firmware may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1220"
},
{
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"db": "BID",
"id": "3735"
},
{
"db": "VULHUB",
"id": "VHN-4025"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-1220",
"trust": 2.6
},
{
"db": "BID",
"id": "3735",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2001-3262",
"trust": 0.6
},
{
"db": "XF",
"id": "7733",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20011221 D-LINK DWL-1000AP CAN BE COMPROMISED BECAUSE OF SNMP CONFIGURATION",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4025",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"db": "VULHUB",
"id": "VHN-4025"
},
{
"db": "BID",
"id": "3735"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"id": "VAR-200112-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"db": "VULHUB",
"id": "VHN-4025"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
}
]
},
"last_update_date": "2025-04-03T22:25:22.020000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3735"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/246849"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7733.php"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/wireless/dwl1000ap/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4025"
},
{
"db": "BID",
"id": "3735"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"db": "VULHUB",
"id": "VHN-4025"
},
{
"db": "BID",
"id": "3735"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"date": "2001-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-4025"
},
{
"date": "2001-12-21T00:00:00",
"db": "BID",
"id": "3735"
},
{
"date": "2001-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"date": "2001-12-21T05:00:00",
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-3262"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-4025"
},
{
"date": "2009-07-11T09:06:00",
"db": "BID",
"id": "3735"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-132"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-1220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-1000AP WLAN Access Point Plain Text Password Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-3262"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "3735"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-132"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…