PT-2018-15347 · Thomson · Thomson Dwg855+3
Capitan Alfalo
Published: 2018-12-23 · Updated: 2019-10-03 · CVE-2018-20394
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Thomson DWG849 version STC0.01.16
Thomson DWG850-4 version ST9C.05.25
Thomson DWG855 version ST80.20.26
Thomson TWG870 version STB2.01.36
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including
iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.
Recommendations
For Thomson DWG849 version STC0.01.16, restrict access to the SNMP service to minimize the risk of exploitation.
For Thomson DWG850-4 version ST9C.05.25, avoid using the vulnerable SNMP requests until the issue is resolved.
For Thomson DWG855 version ST80.20.26, consider disabling the SNMP service until a patch is available.
For Thomson TWG870 version STB2.01.36, limit access to the device using SNMP to reduce the risk of credential discovery.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
Thomson DWG849
Thomson DWG850-4
Thomson DWG855
Thomson TWG870