Title: BT Voyager 2000 Wireless ADSL Router SNMP Community String Information Disclosure Vulnerability
Severity: CRITICAL
Description:
The BT Voyager 2000 Wireless ADSL Router is a hardware solution for sharing a single Internet connection using wireless technology.
BT Voyager 2000 Wireless ADSL Router is reported prone to a sensitive information disclosure vulnerability.
It is reported that 'public' SNMP MIB community strings which, are world readable by default contain sensitive information pertaining to the internal protected network. These community strings are available to users who can connect to the wireless interface of the affected device. Specifically, the 'public' community strings are identical to the 'private' community strings the only difference being that 'public' strings are not writeable. It is reported that the 'public' community string OID "23.2.3.1.6.5.1" contains the plaintext password used to authenticate to the administrative interface of the device.
An attacker may disclose authentication credentials, and may use these credentials to access the administrative interface for the device. The impact of this issue may be greatly exaggerated if a password is used to authenticate to multiple services.
Data collected in this manner may be used in further attacks against the victim network.
Affected Products:
- BT Voyager 2000 Wireless ADSL Router
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
