Bugtraq: Default SNMP community in Surecom Broadband Router

[Andrei Mikhailovsky <andrei () arhont com>]

Arhont Ltd.     - Information Security

Arhont Advisory by:             Andrei Mikhailovsky
(www.arhont.com)
Advisory:                       Surecom Broadband Router 
Router Model Name:              EP-4501
Model Specific:                 Other models might be
vulnerable
Manufacturer site:              http://www.surecom.com.tw
Manufacturer contact:           surecom () surecom com tw
Contact Date:                   25/10/2002

DETAILS:

While performing a general penetration testing of a
network, we have found a security vulnerability in the
Surecom Broadband Router EP-4501.

The default router installation enables SNMP (Simple
Network Management Protocol) server with default
community names for read and read/write access.  

The community name: public 

Allows read access to the mentioned device, providing
enumeration and gathering of sensitive network
information.  

The community name: secret 

Allows read/write access to device, thus allowing
restart and change of the network settings of the
broadband router.  The SNMP server is enabled by
default from the LAN and WAN interfaces.

Impact: This vulnerability allows LAN and internet
malicious attackers to retrieve and change network
settings of the router.

Risk Factor: High

Possible Solutions:  Disable default SNMP
implementation, or change default community names.

According to the Arhont Ltd. policy, all of the found
vulnerabilities and security issues will be reported to
the manufacturer 7 days before releasing them to the
public domains (such as CERT and BUGTRAQ).

If you would like to get more information about this
issue, please do not hesitate to contact Arhont team.


Regards,

Andrei Mikhailovsky
Arhont Ltd.
http://www.arhont.com
GnuPG Keyserver: blackhole.pca.dfn.de
GnuPG Key:       0x178F548C