Family: CGI abuses --> Category: infos
EdiMax AP Hidden Password Check Vulnerability Scan
Vulnerability Scan Summary Edimax Hidden Password Check
Detailed Explanation for this Vulnerability Test
The remote EdiMax Access Point ships with a default account
('guest'/'1234') which has backup rights on the remote configuration
file.
If the guest user backs up the remote config file, they will be able
to obtain the password for the administrator account, since it is saved in
cleartext in the config.
Solution: Contact the vendor for a fix. As a temporary workaround,
disable the web server or filter the traffic to this access point's
web server via an upstream firewall.
Threat Level: High