[原文]Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
和Data-over-Cable Service Interface Specifications (DOCSIS)标准一致的Cisco ubr900系列路由器必须进行无SNMP访问限制装载，远程攻击者使用任意团体字符串在MIB中写信息。
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
This vulnerability was announced by <email@example.com> via the Bugtraq Mailing list on December 30, 2001.
The ubr900 series routers are a Cable Access solution manufactured and maintained by Cisco Systems. They are designed to route traffic over cable networks.
Cisco ubr900 routers that conform to the DOCSIS standard provided by CableLabs may allow access by arbitrary users. The MIB supports default community strings xyzzy, agent_steal, freekevin, and fubar. These community strings allow a remote user to read and write information in the MIB, which could result in an attacker gaining access to sensitive information, or changing the configuration of the vulnerable router. This problem has been confirmed in models ubr920, ubr924, and ubr925.
No exploit is required to take advantage of this vulnerability.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.