Summary
The remote ARRIS DOCSIS is prone to a security-bypass vulnerability.
Impact
Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.
Solution
Ask the Vendor for an update.
Insight
By default this device is exposing critical information by requesting '1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0' via SNMP using 'public' as community string.
This could be tested by running:
snmpget -v1 -c public <target> 1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0
The following data is also exposed:
ssid: 1.3.6.1.4.1.4115.1.20.1.1.3.22.1.2.12 WPA PSK: 1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12 Wep 64-bit: 1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.1-4 WEP 128-bit: 1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.1-4
Affected
ARRIS DOCSIS 3.0 / Touchstone Wideband Gateway.
Detection
Try to retrieve the password via snmp.
Severity
Classification
-
CVE CVE-2014-4863 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
- Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Win)
- Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)