PT-2018-2105 · D Link · Dcm-704+1

Capitan Alfalo

·

Publicado

2018-12-25

·

Atualizado

2021-04-23

·

CVE-2018-20445

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606 D-Link DCM-704 version EU DCM-704 1.10
Description The issue is related to errors in processing SNMP requests, which can allow a remote attacker to disclose credentials. Specifically, attackers can discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.
Recommendations For D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606, consider disabling SNMP until a patch is available. For D-Link DCM-704 version EU DCM-704 1.10, restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation.

Exploit

Correção

Insufficiently Protected Credentials

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-200

Identificadores relacionados

BDU:2019-00056
CVE-2018-20445

Produtos afetados

Dcm-604
Dcm-704