CVE-2002-1810
HIGHD-Link DWL-900AP+ Firmware 2.1-2.2 - Unauthenticated Sensitive Information Exposure via TFTP Server
Title source: llmDescription
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
References (3)
Core 3
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6015
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10424.php
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/296374
Scores
CVSS v3
7.5
EPSS
0.0069
EPSS Percentile
72.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (2)
dlink/dwl-900ap\+_firmware
2.1
dlink/dwl-900ap\+_firmware
2.2
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026