Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol (SNMP) implementation.
SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.
Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.
Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that .
in almost half a million internet-connected devices made by Brocade, Ambit and Netopia.
However, what Fernandez and Bervis found is much worse: devices from multiple vendors that accept virtually any value for the SNMP community string and unlock both read and write access to their configuration data.
The two researchers first located a small number of vulnerable devices, including the Cisco DPC3928SL cable modem that’s now part of Technicolor’s product portfolio following the company’s acquisition of Cisco’s Connected Devices division in 2015.
over its public IP address.
If SNMP is open, can be used to check if the device’s SNMP server returns valid responses when the “public” or random community strings are used. At the very least this would indicate an information leak problem.
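The check above asks whether a device answers when "public" or a random community string is used. The following Python is an added example, not code from the article or the researchers: it applies the same test to SNMP packets already captured from your own device, relying on the fact that an SNMPv1/v2c response carries the community string of the request it answers. The function names, the community `my-ro-string` and the sample packets are assumptions constructed for illustration.

```python
# Added example; the packets built below are constructed, not captured from a real device.
GET_RESPONSE = 0xA2  # BER tag of the SNMPv1/v2c GetResponse PDU

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(packet):
    """Return (version, community, pdu_tag) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    vtag, ver, pos = read_tlv(body, 0)
    ctag, comm, pos = read_tlv(body, pos)
    if (vtag, ctag) != (0x02, 0x04):
        raise ValueError("expected INTEGER version and OCTET STRING community")
    return int.from_bytes(ver, "big"), comm.decode("latin-1"), body[pos]

def accepted_unknown_community(packet, configured):
    """True if the device sent a GetResponse for a community it was never given."""
    try:
        _, community, pdu = parse_snmp(packet)
    except (ValueError, IndexError):
        return False                        # not a parseable SNMP message
    return pdu == GET_RESPONSE and community not in configured

def tlv(tag, value):
    """Encode a short-form BER TLV (only used to build the constructed samples)."""
    return bytes([tag, len(value)]) + value

def sample_response(community):
    """Constructed GetResponse for sysDescr.0 that echoes the given community."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x04, b"constructed"))
    pdu = tlv(GET_RESPONSE, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
              + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

if __name__ == "__main__":
    configured = {"my-ro-string"}           # hypothetical: the only community set on the device
    for c in ("my-ro-string", "public", "zz-random-7f3a"):
        print(c, accepted_unknown_community(sample_response(c), configured))
```

A correctly behaving agent discards requests that carry an unknown community string, so any flagged response means the device is at least leaking information.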