High severity7.5NVD Advisory· Published Dec 31, 2002· Updated Apr 16, 2026

CVE-2002-1810

Description

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.

Affected products

Dlink/Dwl 900ap\+ Firmware2 versions
cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

online.securityfocus.com/archive/1/296374nvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/6015nvdBroken LinkThird Party AdvisoryVDB Entry
www.iss.net/security_center/static/10424.phpnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000