SURECOM Broadband Router (EP-4501) Default Configuration Gives Remote Users Read/Write SNMP Access
SecurityTracker Alert ID: 1005623|
SecurityTracker URL: http://securitytracker.com/id/1005623
(Links to External Site)
Date: Nov 14 2002
Disclosure of system information, Modification of system information, User access via network|
Exploit Included: Yes |
Version(s): Model EP-4501|
A vulnerability was reported in the SURECOM Broadband Router model EP-4501. The default configuration includes default SNMP community names with read/write access. A remote user can change the device's configuration.|
Arhont Ltd. issued an advisory warning that the default community name of 'public' can be used to gain read access to the SNMP port. A remote user can use the default community name of 'secret' to gain read/write access to the device to change the device configuration and restart the router.
According to the report, the SNMP server is enabled by default from both the LAN and WAN interfaces.
Other models may be affected (but were not tested).
A remote user can gain read/write access to the device in the default configuration.|
No solution was available at the time of this entry.|
Vendor URL: www.surecom.com.tw/ (Links to External Site)
Source Message Contents
Date: 13 Nov 2002 19:44:20 -0000|
Subject: Default SNMP community in Surecom Broadband Router
Arhont Ltd. - Information Security
Arhont Advisory by: Andrei Mikhailovsky
Advisory: Surecom Broadband Router
Router Model Name: EP-4501
Model Specific: Other models might be
Manufacturer site: http://www.surecom.com.tw
Manufacturer contact: firstname.lastname@example.org
Contact Date: 25/10/2002
While performing a general penetration testing of a
network, we have found a security vulnerability in the
Surecom Broadband Router EP-4501.
The default router installation enables SNMP (Simple
Network Management Protocol) server with default
community names for read and read/write access.
The community name: public
Allows read access to the mentioned device, providing
enumeration and gathering of sensitive network
The community name: secret
Allows read/write access to device, thus allowing
restart and change of the network settings of the
broadband router. The SNMP server is enabled by
default from the LAN and WAN interfaces.
Impact: This vulnerability allows LAN and internet
malicious attackers to retrieve and change network
settings of the router.
Risk Factor: High
Possible Solutions: Disable default SNMP
implementation, or change default community names.
According to the Arhont Ltd. policy, all of the found
vulnerabilities and security issues will be reported to
the manufacturer 7 days before releasing them to the
public domains (such as CERT and BUGTRAQ).
If you would like to get more information about this
issue, please do not hesitate to contact Arhont team.
GnuPG Keyserver: blackhole.pca.dfn.de
GnuPG Key: 0x178F548C