Considering that most Access Points (or Base stations) are usually hard-wired to your wired LAN, they can provide a direct conduit to all your LAN based resources should anyone manage to breach the security thereof.

As soon as someone manages to gain access to your AP/Bridge/Gateway/Router, they would have (potentially) full access to everything connected to your private LAN -the intruder would be able to access everything that your WAP clients have access to; and possibly more if the Admin accounts for your access points also happen to have full/trusted (administrative) access to your LAN based resources.

There is no such thing as a completely secure wireless network -it is only a question of how difficult it would be for someone to hack into your WLAN; and when they do, what would your setup allow them (unauthorized) access to. You must be open, therefore, to a real possibility that someone may manage to trespass from your WLAN, bypassing your firewalls and filters, and have at it on your LAN.

Considering that your WLAN gear (APS, Wireless Bridges, Wireless Repeaters, or Wireless Extenders) are linked to your LAN using TCP/IP, anything that communicates (or responds to) using TCP/IP on your LAN should be considered a potential target.

One of the most common mistakes is to enable TCP/IP based printer and file sharing on LAN based devices. If you have enabled TCP/IP based file sharing on any of your LAN based computer, everything within your folders so shared would be up for a grab in the event your WLAN gets compromised.

It is important therefore, to deny access to MS File and Printer sharing by using TCP/IP. If you must share files and printer services over your LAN, use a protocol (NetBEUI) other than TCP/IP for sharing any such resources. In doing so, you will be able to prevent someone from feasting on your disk based content even after your APs or gateway routers have been compromised.

If you have to share Files and Printers on your LAN, restrict access by using a strong password.