vendor:
Access Point
by:
Foundstone
7.5
CVSS
HIGH
SNMP Identification String Retrieval
200
CWE
Product Name: Access Point
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Orinoco Access Point SNMP Identification String Retrieval
It is possible to remotely gain access to the identification string used for configuration of OEM access points manufactured by Orinoco through SNMP. By sending a custom-crafted SNMP query to a vulnerable access point, the access point will return system credentials, including the identification string. This identification string can be used as the administrative community string.
Mitigation:
Disable SNMP on the access point or restrict access to the access point from trusted networks.
