Journals
Publish with us
Publishing partnerships
About us
Blog
Security and Communication Networks
Journal overview
For authors
For reviewers
For editors
Table of Contents
Special Issues
Security and Communication Networks
/
2022
/
Article
/
Tab 2
/
Research Article
Your WAP Is at Risk: A Vulnerability Analysis on Wireless Access Point Web-Based Management Interfaces
Table 2
Identified weaknesses per Web app.
Weaknesses per AP
ASUS
D-Link
Linksys
Netgear
TP-Link
Xiaomi
Section
Open services by default
✓
—
Outdated software
✓
✓
✓
✓
✓
✓
4.4
Information leakage
✓
✓
✓
4.11
Use of weak nonce
✓
✓
4.3
No X-frame-options
✓
✓
4.8
No content-security-policy
✓
✓
✓
✓
✓
4.8
,
4.13
,
4.14
Allow values after “?”
✓
✓
4.1
Invalidated upload of file
✓
✓
—
Password-only user auth.
✓
✓
✓
✓
—
No brute-force protection
✓
✓
—
The “allow values after “?” means that the Web app accepts any value an actor can enter after the query character in a URL. The last column points out the relevant to this weakness sections of Section
4
.