BT Voyager 2000 Router Cleartext Password SNMP Disclosure

2004-06-24T01:51:26
ID OSVDB:7248
Type osvdb
Reporter Konstantin V. Gavrilenko (mlists@arhont.com)
Modified 2004-06-24T01:51:26

Description

Vulnerability Description

The BT Voyager 2000 Wireless ADSL Router contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker retrieves the SNMP strings from the router using a default public/private community name; the returned data discloses the account password in plaintext, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

- Disallow anonymous access to the wireless router
- Change default SNMP community names
- Disable SNMP support

References:

- Vendor URL: http://www.shop.bt.com/invt/006743&source=N4N_Voy2K_Ban
- Other Advisory URL: http://www.securiteam.com/securitynews/5MP0Q0KD5W.html
- Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0357.html
- ISS X-Force ID: 16472
- CVE-2004-0616
- Bugtraq ID: 10589