CVE-2016-2509

Published: Feb 18, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (3)

Products: Belden: Hirschmann Firmware, Hirschmann L2b

2 products

Hirschmann Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Belden Hirschmann Firmware	Version 05.3.06
Belden Hirschmann L2b	All versions

Configuration B

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Belden Hirschmann Firmware	Up to 09.0.05

Running on/with	Platform Versions
Belden Hirschmann L2e	All versions
Belden Hirschmann L2p	All versions
Belden Hirschmann L3e	All versions
Belden Hirschmann L3p	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.kb.cert.org/vuls/id/507216

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/507216

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.