CVE-2016-2509

MEDIUM

Belden Hirschmann Firmware < 09.0.05 - Information Disclosure

Title source: rule
STIX 2.1

Description

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/507216

Scores

CVSS v3 5.3
EPSS 0.0080
EPSS Percentile 52.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (3)
belden/hirschmann_firmware 05.3.06
belden/hirschmann_firmware < 09.0.05
belden/hirschmann_l2b
Published Feb 18, 2016
Tracked Since Feb 18, 2026