Netmaster cable modem information leakage vulnerability

Overview

The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default

Description

CWE-200** - Information Exposure**

The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password, and wifi keys via the SNMP public community string.

---

Impact

A remote unauthenticated attacker may be able to retrieve the username, password, and other sensitive information about the device.

---

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

---

Vendor Information

259548

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Netmaster Affected

Notified: July 17, 2014 Updated: August 15, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	5	AV:N/AC:L/Au:N/C:P/I:N/A:N
Temporal	4.3	E:F/RL:U/RC:UC
Environmental	4.5	CDP:LM/TD:M/CR:ND/IR:ND/AR:ND

References

• <http://www.netmaster.com.tr/urun/6&gt;
• <http://cwe.mitre.org/data/definitions/200.html&gt;
• <https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863&gt;

Acknowledgements

Thanks to Deral Heiland of Rapid7, Inc. for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs:	CVE-2014-4862
Date Public:	2014-08-21 Date First Published: