SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Compaq Wireless Gateway Vendors:   Compaq
Compaq WL310 Wireless Gateway Discloses SNMP Community String (Password) to Remote Users
SecurityTracker Alert ID:  1005009
SecurityTracker URL:  http://securitytracker.com/id/1005009
CVE Reference:   CVE-2002-0812   (Links to External Site)
Date:  Aug 9 2002
Impact:   Disclosure of authentication information, Disclosure of system information, Modification of system information, User access via network
Exploit Included:  Yes  
Version(s): WL310
Description:   An information disclosure vulnerability was reported in Compaq's WL310 wireless access gateway. A remote user can view and modify configuration information.

Foundstone Labs issued an advisory warning that the Compaq WL310 wireless gateway (reported to be an OEM version of the ORiNOCO access point) discloses the SNMP community string to remote users. A remote user can reportedly query the community string and change the system configuration parameters, including Wired Equivalent Privacy (WEP) keys and Domain Name Service (DNS) information.

This can can reportedly be achieved by sending a specific packet to UDP port 192 to cause the access point to return the unique identification value in the 'system.sysName.0' parameter. The remote user can then use this value as the SNMP community string to view and modify the configuration via SNMP.

The following is the demonstration probe packet that can be used:

"\x01\x00\x00\x00\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

The vendor has reportedly been notified.

Impact:   A remote user can determine the SNMP community string used to protect SNMP access to the device.
Solution:   No vendor solution was available at the time of this entry.

Foundstone has provided the following solution:

"Employ packet filtering on inbound requests to deny access to ports 192/udp and 161/udp on the access point."

Vendor URL:  www.compaq.com/products/wireless/wlan/wl310.html (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Compaq Issues Fix Instructions) Re: Compaq WL310 Wireless Gateway Discloses SNMP Community String (Password) to Remote Users
Compaq has released configuration instructions to avoid the vulnerability.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC