Vulnerabilities > CVE-2008-6824 - Cryptographic Issues vulnerability in A-Link Wl54Ap2 and Wl54Ap3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
description | A-Link WL54AP3 and WL54AP2 CSRF+XSS Vulnerability. CVE-2008-6823,CVE-2008-6824. Remote exploit for hardware platform |
file | exploits/hardware/remote/6899.txt |
id | EDB-ID:6899 |
last seen | 2016-02-01 |
modified | 2008-10-31 |
platform | hardware |
port | |
published | 2008-10-31 |
reporter | Henri Lindberg |
source | https://www.exploit-db.com/download/6899/ |
title | A-Link WL54AP3 and WL54AP2 - CSRF+XSS Vulnerability |
type | remote |