Simply requiring a valid read-only community string to obtain a read-write string is not sufficient enough protection. It is possible to expose a read-only community string through a packet broadcast on an unpopulated arp table on a switch, thus expose the entire unit to attack. The owner may not even wish to update any data via SNMP, but simply walking the table with a read-only string will allow any attacker to do so. Can anyone confirm if the strings are writable via the read-write community string? If an attacker was able to change the configuration and then lock-out the remote administration capabilities it would create quite a nuisance, especially if the access point is in a remote location. Robbie > On Wed, 17 Feb 2004, NN Poster wrote: > > > Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2. > > > > 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public" > > 1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private" > > > > Verified on WAP55AG, firmware 1.07 > > But ... Can you obtain this information without a valid community string? > > Hugo. > > -- > All email sent to me is bound to the rules described on my homepage. > hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger. > --
