VULHUB ™

TESO Security Advisory #9 - BinTec router security and privacy weakness. By using SNMP brute-force-techniques for SNMP community-names one is able to remotely gain the management accounts passwords, which are the same as the SNMP community names. Additionally the MIB-Tree holds security related information which should not be accessible through read-only/SNMP. These routers also offer services which can be abused rather easily, like dialing out and getting full line access via a CAPI interface, or a debugging interface which gives you all information which is sent over the BRI-lines.

TESO Security Advisory #9 - BinTec router security and privacy weakness. By using SNMP brute-force-techniques for SNMP community-names one is able to remotely gain the management accounts passwords, which are the same as the SNMP community names. Additionally the MIB-Tree holds security related information which should not be accessible through read-only/SNMP. These routers also offer services which can be abused rather easily, like dialing out and getting full line access via a CAPI interface, or a debugging interface which gives you all information which is sent over the BRI-lines.