Linksys DSL Router SNMP Trap System Arbitrary Sending Vulnerability

Linksys DSL routers are high-speed internet access solutions distributed by the Linksys Group. Linksys DSL routers offer features such as high-speed internet access, switching built into some routers, and Voice-over-IP.

A problem with Linksys routers could make it possible for a remote user to gain sensitive information from a Linksys router, or potentially create a denial of service. The problem affects Linksys routers which may work with either Microsoft or Unix and Linux systems.

Linksys routers have a design issue that will router SNMP Trap information to any address. When a Linksys router receives a query from a system, the router alters it's own configuration to make the querying system the SNMP Trap system. This can yield sensitive information about network traffic being handled by the router. Since SNMP uses UDP as it's method of transport, this could also lead to a number of vulnerable routers being used to create a distributed denial of service attack.


Privacy Statement
Copyright 2010, SecurityFocus