Cisco Cable Access Router MIB Community Default Passwords Vulnerability

The ubr900 series routers are a Cable Access solution manufactured and maintained by Cisco Systems. They are designed to route traffic over cable networks.

Cisco ubr900 routers that conform to the DOCSIS standard provided by CableLabs may allow access by arbitrary users. The MIB supports default community strings xyzzy, agent_steal, freekevin, and fubar. These community strings allow a remote user to read and write information in the MIB, which could result in an attacker gaining access to sensitive information, or changing the configuration of the vulnerable router. This problem has been confirmed in models ubr920, ubr924, and ubr925.


Privacy Statement
Copyright 2010, SecurityFocus