Vulnerability Description
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | Dcm-604 Firmware | dcm604_c1_viacabo_1.04_20130606 |
| Dlink | Dcm-604 | c1 |
| D-Link | Dcm-704 Firmware | eu_dcm-704_1.10 |
| Dlink | Dcm-704 | b3 |
Related Weaknesses (CWE)
References
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
FAQ
What is CVE-2018-20389?
CVE-2018-20389 is a vulnerability with a CVSS score of 9.8 (CRITICAL). D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1....
How severe is CVE-2018-20389?
CVE-2018-20389 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20389?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link Dcm-604 Firmware, Dlink Dcm-604, D-Link Dcm-704 Firmware, Dlink Dcm-704.