PT-2018-15341 · Bnmux · Bnmux Bcw710J+2
Capitan Alfalo
·
Publicado
2018-12-23
·
Atualizado
2019-10-03
·
CVE-2018-20387
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bnmux BCW700J version 5.20.7
Bnmux BCW710J version 5.30.6a
Bnmux BCW710J2 version 5.30.16
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0".
Recommendations
For Bnmux BCW700J version 5.20.7, restrict access to the SNMP service to minimize the risk of exploitation.
For Bnmux BCW710J version 5.30.6a, consider disabling the SNMP protocol until a patch is available.
For Bnmux BCW710J2 version 5.30.16, avoid using the vulnerable SNMP requests until the issue is resolved.
Exploit
Correção
Insufficiently Protected Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bnmux Bcw700J
Bnmux Bcw710J
Bnmux Bcw710J2