Title: Atmel SNMP Community String Vulnerability
Severity: HIGH
Description:
Atmel is a chip design and manufacturing firm that provides various RF-based products to corporate consumers. Atmel manufactures firmware for various wireless access systems.
A problem with systems using the Amtel chips makes it possible for remote users to gain access to sensitive information. This problem may lead to remote users gaining access to restricted network resources, full network access, and potentially access to other systems on the network.
The problem involves the firmware on the Atmel chips not implementing sufficient access control. Under normal conditions, SNMP devices use Community Strings as a means of access control. Community strings are usually configured to provide a minimum level of access control to information that could be useful in information gathering attacks, or other such transgressions.
The implementation of firmware used with Atmel chips allows remote users using any community string to access the systems Management Information Base (MIB) section of SNMP, and read/write variables. This can also allow a remote user to gain access to view WEP keys, which once attained, and gain access to sensitive network assets.
Affected Products:
- Atmel Firmware 1.3.0
- Linksys WAP11 1.3.0
- NetGear ME102 1.3.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
