CVE-2018-20393
published 2018-12-23CVE-2018-20393: Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL…
PriorityP355critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.60%
72.7th percentile
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| technicolor | cga0101_firmware | — | — |
| technicolor | cga0111_firmware | — | — |
| technicolor | dpc3928sl_firmware | — | — |
| technicolor | tc7110.ar_firmware | — | — |
| technicolor | tc7110.b_firmware | — | — |
| technicolor | tc7110.d_firmware | — | — |
| technicolor | tc7200.d1i_firmware | — | — |
| technicolor | tc7200.th2v2.d1i_firmware | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvhttps://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlhttps://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvhttps://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
2018-12-23
Published