
Netopia SNMP Password Disclosure

Medium

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host appears to be running a Netopia router with SNMP enabled. The Netopia router is using the default SNMP community strings. This version of the Netopia firmware is vulnerable to a flaw where a remote attacker can retrieve the administrative password by sending a specially formed SNMP query. An attacker exploiting this flaw would only need to be able to send SNMP queries to the router using the default community string of 'public'. Successful exploitation would result in the attacker gaining administrative credentials to the router.

Solution

Upgrade or patch according to vendor recommendations. Change the default SNMP community string to one that is not easily guessed.
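To confirm that no client or device still uses a default community string after the change, SNMP traffic to the router can be inspected passively. The following is an added example, not part of the original advisory: it decodes the version and community fields of SNMPv1/v2c payloads and flags the well-known defaults. The function names, addresses and sample packets are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {b"public", b"private"}  # well-known defaults

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(payload):
    """Return (version, community) for an SNMPv1/v2c message, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)       # outer SEQUENCE
        if tag != 0x30:
            return None
        tag, version, pos = read_tlv(body, 0)     # INTEGER version (0=v1, 1=v2c)
        if tag != 0x02 or version not in (b"\x00", b"\x01"):
            return None
        tag, community, _ = read_tlv(body, pos)   # OCTET STRING community
    except ValueError:
        return None
    return (version[0], community) if tag == 0x04 else None

def flag_default_community(packets):
    """Return (src, dst, community) for packets using a default community."""
    hits = []
    for src, dst, payload in packets:
        parsed = snmp_community(payload)
        if parsed and parsed[1] in DEFAULT_COMMUNITIES:
            hits.append((src, dst, parsed[1].decode()))
    return hits

def sample_get(community):  # constructed SNMPv1 GetRequest for sysDescr.0
    pdu = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
    body = b"\x02\x01\x00" + bytes([0x04, len(community)]) + community + pdu
    return bytes([0x30, len(body)]) + body

# Constructed capture: (source, destination, UDP/161 payload)
PACKETS = [("192.0.2.50", "192.0.2.1", sample_get(b"public")),
           ("192.0.2.10", "192.0.2.1", sample_get(b"site-ro-7f3a")),
           ("192.0.2.50", "192.0.2.1", b"\x30\x05\x02")]  # truncated, ignored
```

In practice the payloads would come from a capture of UDP port 161 traffic; any hit after the community string has been changed points to a client or device still configured with the default.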