CVE-2018-20393 — CRITICAL (9.8)

Vulnerability Description

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Technicolor	Cga0111 Firmware	cga0111e-es-13-e23e-c8000r5712-170217-0829-tru
Technicolor	Cga0111	1.0
Technicolor	Cga0101 Firmware	cwa0101e-a23e-c7000r5712-170315-skc
Technicolor	Cga0101	1.0
Technicolor	Dpc3928Sl Firmware	d3928sl-psip-13-a010-c3420r55105-170214a
Technicolor	Dpc3928Sl	1.0
Technicolor	Tc7110.Ar Firmware	std3.38.03
Technicolor	Tc7110.Ar	1.0
Technicolor	Tc7110.B Firmware	stc8.62.02
Technicolor	Tc7110.B	2.0
Technicolor	Tc7110.D Firmware	stdb.79.02
Technicolor	Tc7110.D	1.0
Technicolor	Tc7200.D1I Firmware	tc7200.d1ie-n23e-c7000r5712-170406-hat
Technicolor	Tc7200.D1I	1.0
Technicolor	Tc7200.Th2V2.D1I Firmware	sc05.00.22
Technicolor	Tc7200.Th2V2.D1I	01.00

References

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory

FAQ

What is CVE-2018-20393?

CVE-2018-20393 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8...

How severe is CVE-2018-20393?

CVE-2018-20393 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-20393?

Check the references section above for vendor advisories and patch information. Affected products include: Technicolor Cga0111 Firmware, Technicolor Cga0111, Technicolor Cga0101 Firmware, Technicolor Cga0101, Technicolor Dpc3928Sl Firmware.