Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 18.104.22.168.4.1.3922.214.171.124.1.2.
Linksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability.It has been reported that all SNMP MIB (Management Information Base) community strings, even read/write strings may be disclosed to a remote attacker if the attacker makes certain queries to the affected appliance.An attacker may disclose sensitive information in this manner. Although unconfirmed, it may also be possible for the attacker to manipulate the appliance configuration through writeable strings.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com <mailto:firstname.lastname@example.org>.
The following example has been supplied:Querying OID:126.96.36.199.4.1.39188.8.131.52.184.108.40.206.220.127.116.11.3918.104.22.168.1.2.1 = STRING: "public"22.214.171.124.4.1.39126.96.36.199.1.2.2 = STRING: "private"