PT-2018-15342 · Comtrend · Comtrend Cm-6300N+1
Capitan Alfalo · Published 2018-12-23 · Updated 2019-10-03 · CVE-2018-20388
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Comtrend CM-6200un version 123.447.007
Comtrend CM-6300n version 123.553mp1.005
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0".
Recommendations
For Comtrend CM-6200un version 123.447.007, restrict access to the SNMP service until a patch is available.
For Comtrend CM-6300n version 123.553mp1.005, consider disabling the SNMP protocol to minimize the risk of exploitation.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
Comtrend Cm-6200Un
Comtrend Cm-6300N