CVE-2018-20379 — MEDIUM (4.7)

Vulnerability Description

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.

CVSS Score

4.7

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Technicolor	Dpc3928Sl Firmware	d3928sl-psip-13-a010-c3420r55105-160428a
Technicolor	Dpc3928Sl	-

Related Weaknesses (CWE)

CWE-79

References

https://misteralfa-hack.blogspot.com/2018/12/cisco-dpc3928sl-explotando-un-xss-vExploitThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/cisco-dpc3928sl-explotando-un-xss-vExploitThird Party Advisory

FAQ

What is CVE-2018-20379?

CVE-2018-20379 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.

How severe is CVE-2018-20379?

CVE-2018-20379 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20379?

Check the references section above for vendor advisories and patch information. Affected products include: Technicolor Dpc3928Sl Firmware, Technicolor Dpc3928Sl.