Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
BID:9688
Info
Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
| Bugtraq ID: | 9688 |
| Class: | Configuration Error |
| CVE: |
CVE-2004-0312 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to NN Poster <[email protected]>. |
| Vulnerable: |
Linksys WAP55AG 1.0.7 |
| Not Vulnerable: | |
Discussion
Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
Linksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability.
It has been reported that all SNMP MIB (Management Information Base) community strings, even read/write strings may be disclosed to a remote attacker if the attacker makes certain queries to the affected appliance.
An attacker may disclose sensitive information in this manner. Although unconfirmed, it may also be possible for the attacker to manipulate the appliance configuration through writeable strings.
Linksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability.
It has been reported that all SNMP MIB (Management Information Base) community strings, even read/write strings may be disclosed to a remote attacker if the attacker makes certain queries to the affected appliance.
An attacker may disclose sensitive information in this manner. Although unconfirmed, it may also be possible for the attacker to manipulate the appliance configuration through writeable strings.
Exploit / POC
Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
The following example has been supplied:
Querying OID:
1.3.6.1.4.1.3955.2.1.13.1.2.
1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public"
1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private"
The following example has been supplied:
Querying OID:
1.3.6.1.4.1.3955.2.1.13.1.2.
1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public"
1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private"
Solution / Fix
Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Linksys WAP55AG SNMP Community String Insecure Configuration Vulnerability
References:
References:
- Linksys Homepage (Linksys)
- SNMP community string disclosure in Linksys WAP55AG (NN Poster