You do not have permission to view the full content of this post.
Log in or register now..
This one is specific to SNMP. I don't know if consumer (ISP-provided routers) even have the option to enable SNMP. This might make more sense for those running alternative firmware (WRT, etc.) on compatible ones, or using enterprise and even commercial grade routers - Mikrotik, Unifi, Grandstream, etc.
Obviously, there are bigger targets than you, the residential/consumer-level user, but this is a good reminder to be aware of security, and hardening your router against threats. 'tsaka andaming thread dito about häçking your neighbour's WiFi, eh.
Mitigation
This one is specific to SNMP. I don't know if consumer (ISP-provided routers) even have the option to enable SNMP. This might make more sense for those running alternative firmware (WRT, etc.) on compatible ones, or using enterprise and even commercial grade routers - Mikrotik, Unifi, Grandstream, etc.
Obviously, there are bigger targets than you, the residential/consumer-level user, but this is a good reminder to be aware of security, and hardening your router against threats. 'tsaka andaming thread dito about häçking your neighbour's WiFi, eh.

Mitigation
- Disable Cisco Smart Install on all devices [You do not have permission to view the full content of this post. Log in or register now.].
- Use SNMPv3 with “authPriv” configured to the most modern encryption standard that is supported by the device instead of SNMPv1 or SNMPv2 [You do not have permission to view the full content of this post. Log in or register now.].
- Use strong, unique passwords for local accounts on network devices and configure credentials to be stored securely to prevent reuse of compromised passwords [You do not have permission to view the full content of this post. Log in or register now.].
- Monitor and restrict access to SNMP OIDs using a Management Information Base (MIB) allow list [You do not have permission to view the full content of this post. Log in or register now.]. [5] Reference the vendor-specific MIB for the network devices and monitor OIDs for indications of reconnaissance or misconfiguration in logs or intrusion detection systems (IDS). IDS rules should be written for inbound SNMP Set-Requests that contain OIDs targeting sensitive device data [You do not have permission to view the full content of this post. Log in or register now.].
- Restrict management protocols [You do not have permission to view the full content of this post. Log in or register now.].
- Update network device software and firmware images, especially to ρá†ch known vulnerabilities, and upgrade end-of-life devices to supported ones.