[33860] in bugtraq
Re: SNMP community string disclosure in Linksys WAP55AG
daemon@ATHENA.MIT.EDU (Hugo van der Kooij)
Thu Feb 19 19:29:17 2004
Date: Wed, 18 Feb 2004 22:14:07 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: bugtraq@securityfocus.com
In-Reply-To: <20040217230824.2079.qmail@www.securityfocus.com>
Message-ID: <Pine.LNX.4.58.0402182212330.29822@gandalf.hugo.vanderkooij.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 17 Feb 2004, NN Poster wrote:
> Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2.
>
> 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public"
> 1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private"
>
> Verified on WAP55AG, firmware 1.07
But ... Can you obtain this information without a valid community string?
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
