Netopia DSL路由器漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105836 漏洞类型 访问验证错误
发布时间 2000-05-16 更新时间 2005-05-02
CVE编号 CVE-2000-0379 CNNVD-ID CNNVD-200005-056
漏洞平台 Hardware CVSS评分 3.6
|漏洞来源
https://www.exploit-db.com/exploits/19901
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-056
|漏洞详情
TheNetopiaR9100路由器没能阻止合法用户修改SNMP表,即使管理员通过配置路由器要求它这样做也无效。
|漏洞EXP
source: http://www.securityfocus.com/bid/1177/info

All R-series platforms with firmware between 4.3.8 and 4.6.2 (inclusive) allow users who already have access to the router to modify SNMP tables which they should not be able to access. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. 

The following devices are confirmed as vulnerable: 

R2020 Dual Analog Router
R3100 ISDN Router
R3100-I ISDL Router
R3100-T IDSL router for Covad
R3232-I IDSL 4-IMUX router
R5100 Serial router
R5200 DDS router
R5220 DDS router w/ V.90 backup
R5300 T1 router
R5320 T1 router w/ V.90 backup
R5331 T1 router w/ ISDN backup
R7100-C SDSL router
R7120 SDSL Router w/int V.90
R7131 SDSL router w/int ISDN
R7171 SDSL 2x IMUX router
R7200-T SDSL router for Covad
R7220 SDSL router w/int.V.90
R7231 SDSL router w/int ISDN
R9100 Ethernet-to-ethernet Router

# set snmp community RO wookie
or
# set snmp community RW wookie

The exploit can only be attempted by those with existing access login to the device.
|参考资料

来源:BUGTRAQ
名称:20000507Advisory:NetopiaR9100routervulnerability
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
来源:www.netopia.com
链接:http://www.netopia.com/equipment/purchase/fmw_update.html
来源:BID
名称:1177
链接:http://www.securityfocus.com/bid/1177