PT-2018-15346 · Technicolor · Cga0111+4

Published: 2018-12-23 · Updated: 2020-08-24 · CVE-2018-20393

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Technicolor CGA0111 version CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU
Technicolor CWA0101 version CWA0101E-A23E-c7000r5712-170315-SKC
Technicolor DPC3928SL version D3928SL-PSIP-13-A010-c3420r55105-170214a
Technicolor TC7110.AR version STD3.38.03
Technicolor TC7110.B version STC8.62.02
Technicolor TC7110.D version STDB.79.02
Technicolor TC7200.d1I version TC7200.d1IE-N23E-c7000r5712-170406-HAT
Technicolor TC7200.TH2v2 version SC05.00.22

Description

The issue allows remote attackers to discover credentials via specific SNMP requests, including iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.

Recommendations

For Technicolor CGA0111 version CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, restrict access to the SNMP service until a patch is available.
For Technicolor CWA0101 version CWA0101E-A23E-c7000r5712-170315-SKC, consider disabling the SNMP protocol to minimize the risk of exploitation.
For Technicolor DPC3928SL version D3928SL-PSIP-13-A010-c3420r55105-170214a, avoid using the vulnerable SNMP requests until the issue is resolved.
For Technicolor TC7110.AR version STD3.38.03, restrict access to the vulnerable iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
For Technicolor TC7110.B version STC8.62.02, disable the SNMP service as a temporary workaround.
For Technicolor TC7110.D version STDB.79.02, limit access to the SNMP protocol to trusted sources.
For Technicolor TC7200.d1I version TC7200.d1IE-N23E-c7000r5712-170406-HAT, consider implementing additional security measures to protect against SNMP-based attacks.
For Technicolor TC7200.TH2v2 version SC05.00.22, restrict access to the vulnerable SNMP requests until a fix is available.
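
For monitoring while SNMP access is being restricted, the following added example (not part of the original advisory) BER-decodes an SNMP v1/v2c message and reports any requested OID that equals one of the two OIDs in the description or is an ancestor of one, since a walk starting at a parent subtree would also reach them. The sample packet and its community string are constructed, and the function names are this example's own.

```python
# Added example: BER-decode an SNMP v1/v2c message and flag the advisory's OIDs.
# The page's "iso.3.6.1..." is the same OID as "1.3.6.1..." (iso is arc 1).
WATCHED = {"1.3.6.1.4.1.4491.2.4.1.1.6.1.%d.0" % n for n in (1, 2)}
# Constructed GetRequest (v2c, community "sample") for the first watched OID.
SAMPLE = bytes.fromhex(
    "302d020101040673616d706c65a020020101020100020100"
    "30153013060f2b06010401a30b02040101060101000500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length octet count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Content octets -> dotted string (assumes first arc is 0 or 1, as in 1.3...)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 digit of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def requested_oids(packet):
    """OIDs named in the varbind list of one SNMP v1/v2c message."""
    body = read_tlv(packet, 0)[1]           # contents of the outer SEQUENCE
    for skip in (2, 3):                     # (version, community), then 3 PDU integers
        pos = 0
        for _ in range(skip):
            pos = read_tlv(body, pos)[2]
        body = read_tlv(body, pos)[1]       # first the PDU, then the varbind list
    oids, pos = [], 0
    while pos < len(body):
        _, varbind, pos = read_tlv(body, pos)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return oids

def flagged_oids(packet):
    """Requested OIDs that equal, or are ancestors of, a watched OID."""
    try:
        oids = requested_oids(packet)
    except (ValueError, IndexError):        # payload does not parse as SNMP v1/v2c
        return []
    return [o for o in oids if any(w == o or w.startswith(o + ".") for w in WATCHED)]
```

SNMPv3 messages use a different layout and are not decoded by this example.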

Related Identifiers

CVE-2018-20393

Affected Products

Cga0111
Cwa0101
Dpc3928Sl
Tc7110
Tc7200