PT-2018-15344 · Teknotel · Teknotel Cbw700N

Capitan Alfalo

Published

2018-12-23

Updated

2019-10-03

CVE-2018-20391

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TEKNOTEL CBW700N version 81.447.392110.729.024

Description The issue allows remote attackers to discover credentials via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0".

Recommendations For version 81.447.392110.729.024, consider restricting access to the SNMP service to minimize the risk of exploitation. As a temporary workaround, limit the use of the affected iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests until a patch is available.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-20391

Affected Products

Teknotel Cbw700N

PT-2018-15344 · Teknotel · Teknotel Cbw700N

CVE-2018-20391

Weakness Enumeration

Related Identifiers

Affected Products

References · 4