Vulnerabilities > CVE-2002-2137 - Information Disclosure vulnerability in GlobalSunTech Access Point

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.

Vulnerable Configurations

Part	Description	Count
Hardware	Alloy Alloy GL 2422Ap S *	1
Hardware	D-Link D Link DWL 900Ap+ B1_2.1 D Link DWL 900Ap+ B1_2.2	2
Hardware	Eusso Eusso Gl2422 AP *	1
Hardware	Linksys Linksys Wap11 2.2	1
Hardware	Wisecom Wisecom Gl2422Ap 0T *	1

References

http://online.securityfocus.com/archive/1/298432
http://www.iss.net/security_center/static/10536.php
http://www.securityfocus.com/bid/6100