|
COMMAND password handling in BreezeCOM SYSTEMS AFFECTED Systems running BreezeCOM product PROBLEM Mr. SteelFire found following. BreezeCOM adapters are used in wireless LAN environments and like any communication device (switches, routers etc.) you need a password to access the adapter. BreezeCOM has choosed to use a burned-in factory standard password for their adapters which really is a stupid way to handle this. They have different passwords for different version which you cannot change and the passwords are the following: 4.x Super 3.x Master 2.x laflaf Marc Esipovich added following: 4.4.x Helpdesk He only tested this on 4.4.1, it seems that 5.x does not have such bypass passwords anymore. As far as known the passwords above works with SA (Station Adapter) 10, SA 40 and AP (Access Point) 10. One thing that should be pointed out is that it's not possible to access the adapters remote (not telnet etc.) so the security problem is local. It is possible to set installerrights via snmp according to one sorce. There is also a kind of DOS in the way of updating the firmware. The tftpserver requires no authorization to upload the firmware and reset. So, someone could easily upload any file. After that you have to send the affected device to breezecom to get a new firmware cause the tftpserver is part of the firmware... SOLUTION The only protection is to set up no ip-configuration.