Vulnerability Description
CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Castlenet | Cbv38Z4Ec Firmware | 25.553mp1.39219mp1.899.007 |
| Castlenet | Cbv38Z4Ec | 1.0 |
| Castlenet | Cbv38Z4Ecnit Firmware | 125.553mp1.39219mp1.899.005itt |
| Castlenet | Cbv38Z4Ecnit | 1.0 |
| Castlenet | Cbw383G4J Firmware | 37.556mp5.008 |
| Castlenet | Cbw383G4J | 1.01 |
| Castlenet | Cbw38G4J Firmware | 37.553mp1.008 |
| Castlenet | Cbw38G4J | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
FAQ
What is CVE-2018-20385?
CVE-2018-20385 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials...
How severe is CVE-2018-20385?
CVE-2018-20385 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20385?
Check the references section above for vendor advisories and patch information. Affected products include: Castlenet Cbv38Z4Ec Firmware, Castlenet Cbv38Z4Ec, Castlenet Cbv38Z4Ecnit Firmware, Castlenet Cbv38Z4Ecnit, Castlenet Cbw383G4J Firmware.