Vendor: Edimax Type: 7205APL Firmware: 2.40a-00 Kind of bug: Security Description: Normally a user called addmin, has to create a password on the Accesspoint. When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file. Opening the file in Notepad gave the next result: 71331234,  default.domaindadmin XXXXX guest 1234 WirelessXXXXXX, yy  ddomainUo Lg C Uo Lg C You can see the password of the admin XXXXX (for security reasons, I have changed the original one in XXXXX) and the password of a user called guest, 1234. When you log in to the accesspoint with guest and 1234, you can make a backup. With the same content like above of the admin. It is not possible to remove the user, because it is inside the firmware. So only a new one can solve this security problem.