- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Netgear WG102 Leaks SNMP Write Password with Read Access
------------------------------------------------------------------------
SUMMARY
Netgear WG102 offers the the typical SNMP write & SNMP read community
password 'protection'. SNMPv2 is already known for weak security, yet
NETGEAR goes one step further, the SNMP write community (password) is
accessible in cleartext via the MIB which is readable via the SNMP read
community.
DETAILS
Vulnerable Systems:
* Netgear WG102
Proof of Concept:
* Enable snmp (default) and set different SNMP write/read passwords.
* Then on a different machine do:
snmpwalk -c READPASSWORD -v2c IP SNMPv2-SMI::enterprises.4526.4.3
The passwords are stored in ...4526.4.3.8.4.0 and ...4526.4.3.8.5.0
ADDITIONAL INFORMATION
The information has been provided by
<mailto:mad-vaittes@ida.ing.tu-bs.de> Harm S.I. Vaittes.
The original article can be found at:
<http://www.milw0rm.com/exploits/7712>
http://www.milw0rm.com/exploits/7712
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment