> You're secure if you don't expose SNMP.

Depends what you mean by "expose". Some people could read that as "exposed to the Internet". I'm reading it as "exposed to anything".

This looks like a good fun for doing lateral movement inside a network. I know of lots of environments with SNMPv2 wide open for "internal" networks to access.

Plus SNMP is UDP-based, so likely the exploit will work with a one-way path and spoofed source addresses.