Arris DOCSIS Password Disclosure

Summary
The remote ARRIS DOCSIS device is prone to a security-bypass vulnerability.
Impact
Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.
Solution
Ask the vendor for an update.
Insight
By default, the device exposes critical information to anyone who requests '1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0' via SNMP using 'public' as the community string. This can be tested by running:

    snmpget -v1 -c public <target> 1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0

The following data is also exposed:

    SSID:        1.3.6.1.4.1.4115.1.20.1.1.3.22.1.2.12
    WPA PSK:     1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12
    WEP 64-bit:  1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12.1-4
    WEP 128-bit: 1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12.1-4
Affected
ARRIS DOCSIS 3.0 / Touchstone Wideband Gateway.
Detection
Try to retrieve the password via SNMP.
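
For monitoring, SNMP requests that name the OIDs listed under Insight can be recognised in captured UDP/161 payloads. The parser below is an added example, not part of the original advisory; its function names, labels and the sample packet are constructed for illustration.

```python
WATCHED = {  # OIDs from the page; labels and WEP prefix matching (.1-4) are this example's
    "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0": "critical information (password)",
    "1.3.6.1.4.1.4115.1.20.1.1.3.22.1.2.12": "SSID",
    "1.3.6.1.4.1.4115.1.20.1.1.3.26.1.2.12": "WPA PSK",
    "1.3.6.1.4.1.4115.1.20.1.1.3.24.1.2.12": "WEP 64-bit",
    "1.3.6.1.4.1.4115.1.20.1.1.3.25.1.2.12": "WEP 128-bit",
}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the BER TLV at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):  # BER OBJECT IDENTIFIER content bytes -> dotted string
    arcs, arc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        arc = (arc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(arc)
            arc = 0
    return ".".join(map(str, arcs))

def walk_oids(buf):  # yields every OID nested in constructed TLVs (PDU, varbinds)
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x06 and value:
            yield decode_oid(value)
        elif tag & 0x20:
            yield from walk_oids(value)

def inspect(payload):  # -> (community, [(oid, label), ...]) or (None, []) if unparseable
    try:
        _, msg, _ = read_tlv(payload, 0)
        _, _version, pos = read_tlv(msg, 0)
        _, community, pos = read_tlv(msg, pos)
        hits = [(o, WATCHED[p]) for o in walk_oids(msg[pos:]) for p in WATCHED
                if o == p or o.startswith(p + ".")]
    except (ValueError, IndexError):
        return None, []
    return community.decode("latin-1"), hits

# Constructed sample: SNMPv1 GetRequest, community 'public', first OID above.
SAMPLE_GET = bytes.fromhex("302d02010004067075626c6963a0200201010201000201003015"
                           "3013060f2b06010401a30b02040101060102000500")
```

A non-empty hit list from a source that is not the management station is the event worth alerting on, whatever the community string.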