PT-2018-15335 · Technicolor · Technicolor Dpc2320
Capitan Alfalo
·
Published
2018-12-23
·
Updated
2020-08-24
·
CVE-2018-20381
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Technicolor DPC2320 version dpc2300r2-v202r1244101-150420a-v6
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including
iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.Recommendations
As a temporary workaround, consider disabling SNMP requests to minimize the risk of exploitation. Restrict access to the vulnerable SNMP endpoints to minimize the risk of credential discovery. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Technicolor Dpc2320