Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

netopia.advisory.r9100

🗓️ 17 May 2000 00:00:00Reported by Steve FriedlType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 40 Views

Netopia R9100 allows unauthorized SNMP string modifications despite access restrictions.

Code
`Security Advisory: Netopia R9100 DSL router  
  
By: Stephen Friedl ([email protected])  
Date: 8 May 2000  
  
Short summary:  
  
The Netopia R9100 permits a user not authorized with a  
special security password to neverthless modify the SNMP  
community strings, including enabling SNMP access that should  
be disabled.  
  
Device Summary:  
  
The Netopia R9100 is an Ethernet-to-Ethernet router intended  
mainly for the DSL and cable modem markets, and it supports  
NAT and various kinds of tunneling. It is managed with telnet,  
HTTP, and with SNMP from either the inside or the outside  
Ethernet interfaces.  
  
Product information on this device can be found at:  
  
http://www.netopia.com/equipment/routers/r9100/  
  
One of the many setup screens permits the setting of SNMP  
community names, both RO and RW, and setting the entries  
to blanks effectively disables SNMP access. The security  
setup screen (which requires a separate password from that  
used during login) can be configured to restrict access to  
any of the SNMP screens.  
  
Vulnerability:  
  
The R9100 has a command-line mode that is reached by typing  
control-N after the user has passed the initial login test.  
At the "#" prompt one can then do most management of the device.  
This includes the setting of SNMP community strings in spite  
of the limitation imposed by the administrator:  
  
# set snmp community RO wookie  
or  
# set snmp community RW wookie  
  
Impact:  
Relatively low. The exploit can only be attempted by those  
with existing access login to the device, and it doesn't seem  
terribly common to have users allowed to manage nearly everything  
except the SNMP strings.  
  
Workaround:  
Deny access to users who can't be trusted.  
  
Versions Tested:  
v4.6.2 (the latest) is the only version tested. Older  
versions probably vulnerable also.  
Other similar Netopia products possibly vulnerable also  
  
Response from Netopia:  
  
The new behavior will be when SNMP access is disabled in the  
Security screen, and an attempt is made to configure the SNMP  
read-write string via the Command Line and Telnet, the user  
will get an error: -400 Access Denied.  
  
This fix will be in the next release of firmware, version 4.7  
(approx. end of May)  
  
Steve  
  
---  
Stephen J Friedl|Software Consultant|Tustin, CA| +1 714 544-6561  
3B2-kind-of-guy |I speak for me only| KA8CMY |[email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 May 2000 00:00Current
7.4High risk
Vulners AI Score7.4
netopia r9100unauthorized accesssnmp vulnerabilityethernet-to-ethernet routersecurity advisory.
40