Arhont Ltd. - Information Security Arhont Advisory by: Andrei Mikhailovsky (www.arhont.com) Advisory: Surecom Broadband Router Router Model Name: EP-4501 Model Specific: Other models might be vulnerable Manufacturer site: http://www.surecom.com.tw Manufacturer contact: surecom@surecom.com.tw Contact Date: 25/10/2002 DETAILS: While performing a general penetration testing of a network, we have found a security vulnerability in the Surecom Broadband Router EP-4501. The default router installation enables SNMP (Simple Network Management Protocol) server with default community names for read and read/write access. The community name: public Allows read access to the mentioned device, providing enumeration and gathering of sensitive network information. The community name: secret Allows read/write access to device, thus allowing restart and change of the network settings of the broadband router. The SNMP server is enabled by default from the LAN and WAN interfaces. Impact: This vulnerability allows LAN and internet malicious attackers to retrieve and change network settings of the router. Risk Factor: High Possible Solutions: Disable default SNMP implementation, or change default community names. According to the Arhont Ltd. policy, all of the found vulnerabilities and security issues will be reported to the manufacturer 7 days before releasing them to the public domains (such as CERT and BUGTRAQ). If you would like to get more information about this issue, please do not hesitate to contact Arhont team. Regards, Andrei Mikhailovsky Arhont Ltd. http://www.arhont.com GnuPG Keyserver: blackhole.pca.dfn.de GnuPG Key: 0x178F548C
