SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Printer)  >   ZOT P100s Vendors:   Zero One Technology
Zero One Technology's ZOT P100s Print Server Discloses Information to Remote Users via SNMP Even When Configured Not To
SecurityTracker Alert ID:  1003649
SecurityTracker URL:  http://securitytracker.com/id/1003649
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2002
Impact:   Disclosure of system information
Exploit Included:  Yes  

Description:   An information disclosure vulnerability was reported in the ZOT P100s print server. A remote user can obtain information from the device using SNMP even if SNMP has been disabled.

It is reported that a remote user can use SNMP to obtain information about the device configuration and performance even if SNMP has been disabled and the public community string has been changed.

Impact:   A remote user can obtain information from the device using SNMP even if SNMP has been disabled.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.01tech.com/product_p100s.htm (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  Zero One Tech (ZOT) P100s PrintServer and SNMP


Background:

The ZOT P100s is a hardware printserver device
allowing sharing of a parallel printer on a standard
UTP network.

It has embedded telnet, http (among others) and provides
information via SNMP with default community read string.
(have not tried write yet).

Problem:

After connecting to the device and disabling SNMP,
and setting the public string to non-standard, 
it appears that the device is still accessible.

* verified with SNMPWALK - which enumerates loads
of useful information.

Has anyone had any experience with this product?

Is this a bug?, or something else?


Regards,
Clinton

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC