Research Article

Your WAP Is at Risk: A Vulnerability Analysis on Wireless Access Point Web-Based Management Interfaces

Table 2

Identified weaknesses per Web app.

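| Weaknesses per AP | ASUS | D-Link | Linksys | Netgear | TP-Link | Xiaomi | Section |
|---|---|---|---|---|---|---|---|
| Open services by default | | | | | | | |
| Outdated software | | | | | | | 4.4 |
| Information leakage | | | | | | | 4.11 |
| Use of weak nonce | | | | | | | 4.3 |
| No X-frame-options | | | | | | | 4.8 |
| No content-security-policy | | | | | | | 4.8, 4.13, 4.14 |
| Allow values after “?” | | | | | | | 4.1 |
| Invalidated upload of file | | | | | | | |
| Password-only user auth. | | | | | | | |
| No brute-force protection | | | | | | | |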

“Allow values after ‘?’” means that the Web app accepts any value an actor can enter after the query character in a URL. The last column points to the subsections of Section 4 that are relevant to each weakness.