CVE-2018-20393

Published: Dec 23, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Affected (8)

Products: Technicolor: Cga0111 Firmware, Cga0101 Firmware, Dpc3928sl Firmware, Tc7110.ar Firmware, Tc7110.b Firmware, Tc7110.d Firmware, Tc7200.d1i Firmware, Tc7200.th2v2.d1i Firmware

8 products

Tc7200.th2v2.d1i Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Cga0111 Firmware	Version cga0111e-es-13-e23e-c8000r5712-170217-0829-tru

Running on/with	Platform Versions
Technicolor Cga0111	Version 1.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Cga0101 Firmware	Version cwa0101e-a23e-c7000r5712-170315-skc

Running on/with	Platform Versions
Technicolor Cga0101	Version 1.0

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Dpc3928sl Firmware	Version d3928sl-psip-13-a010-c3420r55105-170214a

Running on/with	Platform Versions
Technicolor Dpc3928sl	Version 1.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7110.ar Firmware	Version std3.38.03

Running on/with	Platform Versions
Technicolor Tc7110.ar	Version 1.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7110.b Firmware	Version stc8.62.02

Running on/with	Platform Versions
Technicolor Tc7110.b	Version 2.0

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7110.d Firmware	Version stdb.79.02

Running on/with	Platform Versions
Technicolor Tc7110.d	Version 1.0

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7200.d1i Firmware	Version tc7200.d1ie-n23e-c7000r5712-170406-hat

Running on/with	Platform Versions
Technicolor Tc7200.d1i	Version 1.0

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Tc7200.th2v2.d1i Firmware	Version sc05.00.22

Running on/with	Platform Versions
Technicolor Tc7200.th2v2.d1i	Version 01.00

References (4)

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

Source: cve@mitre.org

Third Party Advisory

https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.