{"vuid":"VU#758582","idnumber":"758582","name":"Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default","keywords":["Yamaha","MusicCAST MCX-1000"],"overview":"The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST.","clean_desc":"The Yamaha MusicCAST MCX-1000 is a network-enabled digital audio system that has the ability to act as an 802.11b wireless access point. The wireless interface cannot be disabled, and if the wireless network card is removed the MusicCAST will not function. If the MusicCAST is connected to a wired network, resources on that LAN may be exposed via the wireless network. While Yamaha ships MusicCASTs with unique Service Set Identifiers (SSIDs) and enables Wired Equivalent Privacy (WEP), it is possible that a reseller could configure the MusicCAST with a default, well-known SSID and disable WEP.","impact":"A remote attacker could access the MusicCAST wireless network and data stored on the MusicCAST. If the MusicCAST is connected to a wired LAN, any resources on the LAN may be exposed via the wireless network.","resolution":"Upgrade Upgrade the MusicCAST MCX-1000 firmware to  Version Upgrade Vol. 4.1 (5.2.14a). This version allows users to disable the wireless interface, reduce SSID exposure, and enable MAC address filtering.","workarounds":"Enable WEP and other wireless security features To make it more difficult for an attacker to connect to the MusicCAST wireless network, use Wired Equivalent Privacy (WEP). Note that vulnerabilities in WEP make it relatively easy for an attacker to determine the WEP key and connect to the WEP-protected wireless network. Current versions of the MusicCAST enable WEP by default and use a unique WEP key. The release notes state that Version Upgrade Vol. 4.1 supports \"Stealth mode to keep ESSID private or MAC address filter to protect the MusicCAST system from unauthorized access through wireless LAN.\"  These features make it somewhat more difficult for an attacker to access the wireless network. Disable wireless network interface If it is not needed, disable the wireless network interface.","sysaffected":"","thanks":"Thanks to Robert Otto for reporting this vulnerability.","author":"This document was written by Art Manion.","public":["http://www.yamaha.com/yec/products/MusicCast/index.htm","http://www.yamaha.com/yec/products/MusicCast/idx_server.htm","http://www.yamaha.com/yec/products/MusicCast/idx_specs.htm#server","http://www.yamaha.com/yec/products/MusicCast/idx_updates.htm#update4_2","http://www.yamaha.com/yec/products/MusicCast/downloads/mc_versionup4_1.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-20T18:56:37Z","publicdate":"2005-06-07T00:00:00Z","datefirstpublished":"2005-06-07T21:47:15Z","dateupdated":"2005-06-08T16:39:42Z","revision":32,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"2","cam_impact":"7","cam_easeofexploitation":"19","cam_attackeraccessrequired":"13","cam_scorecurrent":"0.0648375","cam_scorecurrentwidelyknown":"1.29675","cam_scorecurrentwidelyknownexploited":"2.5935","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0648375,"vulnote":null}