PT-2018-15343 · Kaonmedia · Kaonmedia Cg2001-An22A+2

Capitan Alfalo

Published

2018-12-23

Updated

2019-10-03

CVE-2018-20390

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kaonmedia CG2001-AN22A version 1.2.1 Kaonmedia CG2001-UDBNA version 3.0.8 Kaonmedia CG2001-UN2NA version 3.0.8

Description The issue allows remote attackers to discover credentials via specific SNMP requests, including iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.

Recommendations For Kaonmedia CG2001-AN22A version 1.2.1, restrict access to the SNMP service to minimize the risk of exploitation. For Kaonmedia CG2001-UDBNA version 3.0.8, consider disabling the SNMP requests iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 until a patch is available. For Kaonmedia CG2001-UN2NA version 3.0.8, avoid using the vulnerable SNMP endpoints to prevent credential discovery.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-20390

Affected Products

Kaonmedia Cg2001-An22A

Kaonmedia Cg2001-Udbna

Kaonmedia Cg2001-Un2Na

PT-2018-15343 · Kaonmedia · Kaonmedia Cg2001-An22A+2

CVE-2018-20390

Weakness Enumeration

Related Identifiers

Affected Products

References · 4