This report includes details for three critical information disclosure vulnerabilities. The vulnerabilities were discovered while Matthew Kienow and I were researching information disclosure issues in SNMP on embedded appliances. We're giving a talk about this research at CarolinaCon. During this research project, most devices exposed information that would be classified as benign or public. That said, in three cases we discovered devices that allowed the extraction of authentication data via the read-only community string of "public". In two cases this was the default behavior. Regarding the impact of these vulnerabilities, casual investigation of public information revealed that a large number of the affected devices are exposing SNMP to the public Internet.
More here: https://community.rapid7.com/community/metasploit/blog/2014/05/15/r7-2014-01-r7-2014-02-r7-2014-03-disclosures-exposure-of-critical-information-via-snmp-public-community-string