Vulnerability Notes Database

Vulnerability Note VU#758582

Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default

Overview

The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST.

I. Description

The Yamaha MusicCAST MCX-1000 is a network-enabled digital audio system that can act as an 802.11b wireless access point. The wireless interface cannot be disabled, and if the wireless network card is removed, the MusicCAST will not function. If the MusicCAST is connected to a wired network, resources on that LAN may be exposed via the wireless network. While Yamaha ships MusicCASTs with unique Service Set Identifiers (SSIDs) and enables Wired Equivalent Privacy (WEP), it is possible that a reseller could configure the MusicCAST with a default, well-known SSID and disable WEP.

II. Impact

A remote attacker could access the MusicCAST wireless network and data stored on the MusicCAST. If the MusicCAST is connected to a wired LAN, any resources on the LAN may be exposed via the wireless network.

III. Solution

Upgrade

Upgrade the MusicCAST MCX-1000 firmware to Version Upgrade Vol. 4.1 (5.2.14a). This version allows users to disable the wireless interface, reduce SSID exposure, and enable MAC address filtering.

Enable WEP and other wireless security features

To make it more difficult for an attacker to connect to the MusicCAST wireless network, use Wired Equivalent Privacy (WEP). Note that vulnerabilities in WEP make it relatively easy for an attacker to determine the WEP key and connect to the WEP-protected wireless network. Current versions of the MusicCAST enable WEP by default and use a unique WEP key.

The release notes state that Version Upgrade Vol. 4.1 supports "Stealth mode to keep ESSID private or MAC address filter to protect the MusicCAST system from unauthorized access through wireless LAN." These features make it somewhat more difficult for an attacker to access the wireless network.

Disable wireless network interface

If it is not needed, disable the wireless network interface.

Systems Affected

Vendor    Status        Date Updated
Yamaha    Vulnerable    28-Apr-2005

References


http://www.yamaha.com/yec/products/MusicCast/index.htm
http://www.yamaha.com/yec/products/MusicCast/idx_server.htm
http://www.yamaha.com/yec/products/MusicCast/idx_specs.htm#server
http://www.yamaha.com/yec/products/MusicCast/idx_updates.htm#update4_2
http://www.yamaha.com/yec/products/MusicCast/downloads/mc_versionup4_1.pdf

Credit

Thanks to Robert Otto for reporting this vulnerability.

This document was written by Art Manion.

Other Information

Date Public: 06/07/2005
Date First Published: 06/07/2005 05:47:13 PM
Date Last Updated: 06/08/2005
CERT Advisory:
CVE Name:
Metric: 0.06
Document Revision: 31


Copyright 2005 Carnegie Mellon University