Lancom LCOS changing root password via CLI does not change root password for SNMPv3

Thomas StimperSecurity

Overview:

LANCOM LCOS is used in nearly all LANCOM Routers,
VPN Gateways and WLAN AccessPoints.

„LANCOM VPN routers and gateways ensure high bandwidths,
secure communication and confidential data exchange
in professional networks.“

In the described situation an attacker can authenticate with the previous
root password via SNMPv3 and access senditive data and do actions.

see for more informations the NME Security Advisory ID: NME-2021-001.