Vulnerabilities > CVE-2008-6824 - Cryptographic Issues vulnerability in A-Link Wl54Ap2 and Wl54Ap3

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

a-link

CWE-310

critical

exploit available

NVD

Published: 2009-06-04

Updated: 2018-10-11

Summary

The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.

Vulnerable Configurations

Part	Description	Count
Hardware	A-Link A Link Wl54Ap2 * A Link Wl54Ap3 *	2

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

description	A-Link WL54AP3 and WL54AP2 CSRF+XSS Vulnerability. CVE-2008-6823,CVE-2008-6824. Remote exploit for hardware platform
file	exploits/hardware/remote/6899.txt
id	EDB-ID:6899
last seen	2016-02-01
modified	2008-10-31
platform	hardware
port
published	2008-10-31
reporter	Henri Lindberg
source	https://www.exploit-db.com/download/6899/
title	A-Link WL54AP3 and WL54AP2 - CSRF+XSS Vulnerability
type	remote

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

References