COMMAND

    olicom/crosscomm routers

SYSTEMS AFFECTED

    olicom/crosscomm routers

PROBLEM

    Jacek Lipkowski found following.  Crosscomm/Olicom routers have  a
    undocumented community string ILMI, the same as in cisco:

        http://oliver.efri.hr/~crv/security/bugs/Others/cisco47.html

    that has read and write permissions (didn't check the whole  tree,
    but  you  can  set  system.sysContact.0  for  example).   This was
    checked on  a XLT-F  router with  software 'XL  80 IM  Version 5.5
    Build Level 2' (this was what it reported via snmp).

    You can consider this a serious vulnerability, because people will
    find it while looking for vulnerable cisco routers.

SOLUTION

    The vendor hasn't been notified, as it doesn't exist (olicom  sold
    their router  business to  Intel, don't  know what  happened to it
    later).