When NeDi discovers a CDP or LLDP neighbor, it will begin sending all your read-only SNMP strings to it. If this device is a hacker on your network running CDPd, then the hacker can easily learn these SNMP communities.
Additionally, if the hacker can convince NeDi they are a valid device, then NeDi will also try to back up the device using SSH or Telnet. This will enable a hacker to get full access to the usernames and passwords to all your devices.
The best protection against this attack is to configure your netfilter (found inside nedi.conf) to strictly match only your devices and never an IP that a user can be assigned.
# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
Cheers and be safe!
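
A pre-deployment check for a candidate netfilter value, added here as an example (it is not part of the original post or of NeDi's own code). It assumes NeDi tests the expression unanchored against the dotted IP string, uses Python's `re` as a stand-in for Perl's regex engine, and all addresses, ranges and patterns below are constructed.

```python
import ipaddress
import re


def audit_netfilter(netfilter, device_ips, user_networks):
    """Check a candidate netfilter regex before putting it in nedi.conf.

    Returns (missed, leaked):
      missed - managed device IPs the filter would NOT match
      leaked - user-assignable IPs the filter WOULD match, i.e. addresses
               a rogue CDP/LLDP neighbor could use to receive credentials
    """
    rx = re.compile(netfilter)
    # Assumption: the regex is applied unanchored, so model it with search().
    missed = [ip for ip in device_ips if not rx.search(ip)]
    leaked = [
        str(host)
        for net in user_networks
        for host in ipaddress.ip_network(net).hosts()
        if rx.search(str(host))
    ]
    return missed, leaked


# Constructed sample data: a management subnet and two user/DHCP ranges.
DEVICES = ["10.1.1.1", "10.1.1.2", "10.1.1.254"]
USER_NETS = ["10.1.10.0/28", "10.111.0.0/29"]

# Unescaped dots and no anchors: also matches 10.1.10.x and 10.111.x.x.
LOOSE = "10.1.1"
# Anchored, dots escaped: matches the management subnet only.
STRICT = r"^10\.1\.1\.\d{1,3}$"

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        missed, leaked = audit_netfilter(pattern, DEVICES, USER_NETS)
        print(f"{name}: {len(missed)} devices missed, "
              f"{len(leaked)} user addresses matched")
```

A filter is safe to deploy only when both lists come back empty for your real device inventory and every range a user can be assigned.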