US-CERT
Vulnerability Notes Database

Vulnerability Note VU#758582

Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default

Overview

The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST.

I. Description

The Yamaha MusicCAST MCX-1000 is a network-enabled digital audio system that has the ability to act as an 802.11b wireless access point. The wireless interface cannot be disabled, and if the wireless network card is removed, the MusicCAST will not function. If the MusicCAST is connected to a wired network, resources on that LAN may be exposed via the wireless network. While Yamaha ships MusicCASTs with unique Service Set Identifiers (SSIDs) and enables Wired Equivalent Privacy (WEP), it is possible that a reseller could configure the MusicCAST with a default, well-known SSID and disable WEP.

II. Impact

A remote attacker could access the MusicCAST wireless network and data stored on the MusicCAST. If the MusicCAST is connected to a wired LAN, any resources on the LAN may be exposed via the wireless network.

III. Solution

Upgrade

Upgrade the MusicCAST MCX-1000 firmware to Version Upgrade Vol. 4.1 (5.2.14a). This version allows users to disable the wireless interface, reduce SSID exposure, and enable MAC address filtering.

Enable WEP and other wireless security features

To make it more difficult for an attacker to connect to the MusicCAST wireless network, use Wired Equivalent Privacy (WEP). Note that vulnerabilities in WEP make it relatively easy for an attacker to determine the WEP key and connect to the WEP-protected wireless network. Current versions of the MusicCAST enable WEP by default and use a unique WEP key.

The release notes state that Version Upgrade Vol. 4.1 supports "Stealth mode to keep ESSID private or MAC address filter to protect the MusicCAST system from unauthorized access through wireless LAN." These features make it somewhat more difficult for an attacker to access the wireless network.

Disable wireless network interface

If it is not needed, disable the wireless network interface.

Systems Affected

Vendor    Status        Date Notified    Date Updated
Yamaha    Vulnerable    28-Apr-2005

References

http://www.yamaha.com/yec/products/MusicCast/index.htm
http://www.yamaha.com/yec/products/MusicCast/idx_server.htm
http://www.yamaha.com/yec/products/MusicCast/idx_specs.htm#server
http://www.yamaha.com/yec/products/MusicCast/idx_updates.htm#update4_2
http://www.yamaha.com/yec/products/MusicCast/downloads/mc_versionup4_1.pdf

Credit

Thanks to Robert Otto for reporting this vulnerability.

This document was written by Art Manion.

Other Information

Date Public: 2005-06-07
Date First Published: 2005-06-07
Date Last Updated: 2005-06-08
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 0.06
Document Revision: 31

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2005 by US-CERT, a government organization