1. Home
  2. CVE Database
  3. CVE-2018-20394
CRITICAL · 9.8

CVE-2018-20394

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1...

Vulnerability Description

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TechnicolorDwg849 Firmwarestc0.01.16
TechnicolorDwg8491.0
TechnicolorDwg850-4 Firmwarest9c.05.25
TechnicolorDwg850-42.1
TechnicolorDwg855 Firmwarest80.20.26
TechnicolorDwg8552.1
TechnicolorTwg870 Firmwarestb2.01.36
TechnicolorTwg8701.1

Related Weaknesses (CWE)

CWE-522

References

FAQ

What is CVE-2018-20394?

CVE-2018-20394 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1...

How severe is CVE-2018-20394?

CVE-2018-20394 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-20394?

Check the references section above for vendor advisories and patch information. Affected products include: Technicolor Dwg849 Firmware, Technicolor Dwg849, Technicolor Dwg850-4 Firmware, Technicolor Dwg850-4, Technicolor Dwg855 Firmware.