VID 20024
Severity 40
Port 161
Protocol UDP
Class SNMP
Detailed Description The D-Link ADSL modem reveals the account and password of the remote ADSL connection via SNMP.
The ISP account information, including the login name and password, is stored on the modem without encryption. It is therefore possible to retrieve this information with a simple SNMP gathering utility such as snmpwalk:

transmission.23.2.3.1.5.2.1 = STRING: "username@dsl-provider"
transmission.23.2.3.1.6.2.1 = STRING: "password-string"

This vulnerability allows malicious attackers on the LAN or the internet to retrieve confidential information such as the login name and password.
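The following audit helper is an added example, not part of the original advisory: it scans saved snmpwalk text from a device you administer for the two columns shown above and reports them with the secret redacted. The OIDs are the Identity (5) and Secret (6) columns of pppSecuritySecretsTable in the PPP-SEC-MIB (RFC 1472); the function name and the sample input are assumptions constructed for illustration.

```python
import re

# Columns of pppSecuritySecretsTable (PPP-SEC-MIB, RFC 1472) that hold credentials.
# transmission = .1.3.6.1.2.1.10, so transmission.23.2.3.1 = .1.3.6.1.2.1.10.23.2.3.1
COLUMNS = {"5": "identity", "6": "secret"}
OID_RE = re.compile(
    r"^(?:\.?1\.3\.6\.1\.2\.1\.10|(?:[\w-]+::)?transmission)\.23\.2\.3\.1\.([56])\.([\d.]+)"
    r"\s*=\s*STRING:\s*\"(.*)\"\s*$"
)

def find_exposed_ppp_credentials(walk_output):
    """Return one finding per credential value exposed in snmpwalk text output.

    Hypothetical helper name; input is the plain-text output of a walk
    that was saved to a file or captured by a scanner.
    """
    findings = []
    for line in walk_output.splitlines():
        m = OID_RE.match(line.strip())
        if not m or not m.group(3):  # skip unrelated OIDs and empty strings
            continue
        column, index, value = m.groups()
        kind = COLUMNS[column]
        # Never copy the secret into a report; record only its length.
        shown = value if kind == "identity" else "<redacted, %d chars>" % len(value)
        findings.append({"kind": kind, "index": index, "value": shown})
    return findings

# Constructed sample: the two lines from the advisory, one unrelated row,
# and one numeric-form row with an empty value (not a finding).
SAMPLE = '''\
system.sysDescr.0 = STRING: "constructed sample device"
transmission.23.2.3.1.5.2.1 = STRING: "username@dsl-provider"
transmission.23.2.3.1.6.2.1 = STRING: "password-string"
.1.3.6.1.2.1.10.23.2.3.1.6.3.1 = STRING: ""
'''

if __name__ == "__main__":
    for f in find_exposed_ppp_credentials(SAMPLE):
        print("EXPOSED %(kind)s at row %(index)s: %(value)s" % f)
```

An empty result on a walk taken from both the LAN and WAN sides after filtering UDP port 161 indicates the rows are no longer reachable from where the walk was run.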

* References:
http://www.securityfocus.com/archive/1/316489
http://www.dlink.com

* Platforms Affected:
D-Link DSL Broadband Modem DSL-500
Recommendation As a temporary solution, firewall UDP port 161 on both the LAN and WAN sides, because it is not possible to disable the SNMP service from the web management interface.