CVE-2018-20396 — CRITICAL (9.8)

Vulnerability Description

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Telaum	Ming2120J Firmware	5.76.1006c
Telaum	Ming2120J	4.10
Telaum	Ming6300 Firmware	5.83.6305jrc2
Telaum	Ming6300	2.0

Related Weaknesses (CWE)

CWE-522

References

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-lExploitThird Party Advisory

FAQ

What is CVE-2018-20396?

CVE-2018-20396 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

How severe is CVE-2018-20396?

CVE-2018-20396 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-20396?

Check the references section above for vendor advisories and patch information. Affected products include: Telaum Ming2120J Firmware, Telaum Ming2120J, Telaum Ming6300 Firmware, Telaum Ming6300.