yesterday , i was like always wondering here n there on internet found one article on one of my " source of information " ... that ... not all but some routers from popular vendors are vulnerable to SNMP injection ....
But first , what is SNMP , its Simple Network Management Protocol , which is basically used to monitor network attached devices for conditions that warrant administrative attention. Don't mislead from its name , implementation of this protocol is way too difficult...
Penetration Testing Co. .... ProCheckUp surveyed devices from vendors such as Cisco, Proxim, 3Com and ZyXEL which were all found to be vulnerable.
Identified in ProCheckUp's ‘ZyXEL Gateways Vulnerability Research' paper, it
allows hackers to cause a persistent HTML injection condition on the web management console of several ZyXEL Prestige router models. Provided that an attacker has guessed or cracked the write SNMP community string of a device, they would be able to inject malicious code into the administrative web interface by changing the values of OIDs (SNMP MIB objects) that are printed on HTML pages.
The purpose behind injecting malicious code into the web console via SNMP is to fully compromise the device once the page containing the payload is viewed by the administrator.
The company initially suspected that such an attack was possible on a large number of embedded devices in use in the market, and although the SNMP write community string must be guessed or cracked for this attack to work, some devices come with SNMP read/write access enabled by default using common community strings such as ‘public', ‘private', ‘write' and ‘cable-docsis'.
ProCheckUp also claimed that the use of customised but weak SNMP write community strings, and other weaknesses within the devices SNMP stack implementation should be taken into account when evaluating the feasibility of this attack.
Njoy ....
0 comments:
Post a Comment