
CERT Coordination Center

Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default

Vulnerability Note VU#758582

Original Release Date: 2005-06-07 | Last Revised: 2005-06-08

Overview

The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST.

Description

The Yamaha MusicCAST MCX-1000 is a network-enabled digital audio system that has the ability to act as an 802.11b wireless access point. The wireless interface cannot be disabled, and if the wireless network card is removed, the MusicCAST will not function. If the MusicCAST is connected to a wired network, resources on that LAN may be exposed via the wireless network. While Yamaha ships MusicCASTs with unique Service Set Identifiers (SSIDs) and enables Wired Equivalent Privacy (WEP), it is possible that a reseller could configure the MusicCAST with a default, well-known SSID and disable WEP.

Impact

A remote attacker could access the MusicCAST wireless network and data stored on the MusicCAST. If the MusicCAST is connected to a wired LAN, any resources on the LAN may be exposed via the wireless network.

Solution

Upgrade

Upgrade the MusicCAST MCX-1000 firmware to Version Upgrade Vol. 4.1 (5.2.14a). This version allows users to disable the wireless interface, reduce SSID exposure, and enable MAC address filtering.


Enable WEP and other wireless security features

To make it more difficult for an attacker to connect to the MusicCAST wireless network, use Wired Equivalent Privacy (WEP). Note that vulnerabilities in WEP make it relatively easy for an attacker to determine the WEP key and connect to the WEP-protected wireless network. Current versions of the MusicCAST enable WEP by default and use a unique WEP key.

The release notes state that Version Upgrade Vol. 4.1 supports "Stealth mode to keep ESSID private or MAC address filter to protect the MusicCAST system from unauthorized access through wireless LAN." These features make it somewhat more difficult for an attacker to access the wireless network.

Disable wireless network interface

If it is not needed, disable the wireless network interface.
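
To check whether a device such as the MusicCAST is advertising an open or WEP-only access point on a site, a wireless survey can be compared against an approved inventory. The following is an added example, not part of the original note or any vendor tooling; it assumes text in the style of Linux `iw dev <interface> scan` output, and the sample scan, BSSIDs and SSIDs are constructed.

```python
import re

# Constructed sample in the style of `iw dev wlan0 scan` output (not real data).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: office-wpa2
\tRSN:\t * Version: 1
BSS 02:00:00:00:00:02(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: audio-server-wep
BSS 02:00:00:00:00:03(on wlan0)
\tcapability: ESS (0x0001)
\tSSID: audio-server-open
"""

def parse_scan(text):
    """Return one dict per access point with bssid, ssid and security class."""
    aps, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        field = line.strip()
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "privacy": False, "wpa": False}
            aps.append(cur)
        elif cur is None:
            continue
        elif field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("capability:"):
            cur["privacy"] = "Privacy" in field.split()
        elif field.startswith(("RSN:", "WPA:")):
            cur["wpa"] = True
    for ap in aps:
        # Privacy bit set without an RSN/WPA element means the AP uses WEP.
        ap["security"] = "wpa" if ap["wpa"] else "wep" if ap["privacy"] else "open"
    return aps

def audit(text, approved_bssids=()):
    """Flag APs that are open or WEP-only, or absent from the approved list."""
    findings = []
    for ap in parse_scan(text):
        reasons = []
        if ap["security"] != "wpa":
            reasons.append("weak-or-no-encryption:" + ap["security"])
        if ap["bssid"] not in approved_bssids:
            reasons.append("not-in-inventory")
        if reasons:
            findings.append((ap["bssid"], ap["ssid"], reasons))
    return findings
```

Calling `audit(SAMPLE_SCAN, approved_bssids={...})` returns a list of `(bssid, ssid, reasons)` tuples for every access point that needs attention.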

Vendor Information


Yamaha Affected

Notified: September 07, 2004 | Updated: April 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see the MusicCAST Product Updates site.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


Acknowledgements

Thanks to Robert Otto for reporting this vulnerability.

This document was written by Art Manion.

Other Information

CVE IDs: None
Severity Metric: 0.06
Date Public: 2005-06-07
Date First Published: 2005-06-07
Date Last Updated: 2005-06-08 16:39 UTC
Document Revision: 32

Sponsored by CISA.