CVE-2020-11618 — HIGH (7.8)

Vulnerability Description

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Thomsonstb	Tht741Fta Firmware	2.2.1
Thomsonstb	Tht741Fta	-
Philips	Dtr3502Bfta Dvb-T2 Firmware	2.2.1
Philips	Dtr3502Bfta Dvb-T2	-

References

https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposedExploitThird Party Advisory
https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposedExploitThird Party Advisory

FAQ

What is CVE-2020-11618?

CVE-2020-11618 is a vulnerability with a CVSS score of 7.8 (HIGH). THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access vi...

How severe is CVE-2020-11618?

CVE-2020-11618 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11618?

Check the references section above for vendor advisories and patch information. Affected products include: Thomsonstb Tht741Fta Firmware, Thomsonstb Tht741Fta, Philips Dtr3502Bfta Dvb-T2 Firmware, Philips Dtr3502Bfta Dvb-T2.