PT-2018-15347 · Thomson · Thomson Dwg855+3
Capitan Alfalo · Published 2018-12-23 · Updated 2019-10-03 · CVE-2018-20394
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Thomson DWG849 version STC0.01.16
Thomson DWG850-4 version ST9C.05.25
Thomson DWG855 version ST80.20.26
Thomson TWG870 version STB2.01.36
Description
The issue allows remote attackers to discover credentials via specific SNMP requests, including iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.
Recommendations
For Thomson DWG849 version STC0.01.16, restrict access to the SNMP service to minimize the risk of exploitation.
For Thomson DWG850-4 version ST9C.05.25, avoid using the vulnerable SNMP requests until the issue is resolved.
For Thomson DWG855 version ST80.20.26, consider disabling the SNMP service until a patch is available.
For Thomson TWG870 version STB2.01.36, limit access to the device using SNMP to reduce the risk of credential discovery.
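A defender-side check for the requests named in the description, as an added example that is not part of the original advisory: it BER-encodes the two OIDs and flags captured SNMP payloads containing them when the peer is outside an allow-list. The function names, addresses and sample payloads are constructed for illustration.

```python
# Added example (not from the advisory): spot the advisory's OIDs in SNMP payloads.
WATCHED_OIDS = (
    "1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0",  # "iso" in the advisory is arc 1
    "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0",
)

def encode_oid(dotted):
    """BER-encode a dotted OID as a TLV: tag 0x06, short-form length, value."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]               # last byte has the high bit clear
        arc >>= 7
        while arc:                         # earlier bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

PATTERNS = {oid: encode_oid(oid) for oid in WATCHED_OIDS}

def watched_oids_in(payload):
    """Return the watched OIDs whose encoded form occurs in a UDP payload."""
    return [oid for oid, pat in PATTERNS.items() if pat in payload]

def review(datagrams, allowed_sources):
    """Return (peer_ip, oids) for each hit from a peer outside the allow-list."""
    alerts = []
    for peer, payload in datagrams:
        hits = watched_oids_in(payload)
        if hits and peer not in allowed_sources:
            alerts.append((peer, hits))
    return alerts

# Constructed sample: varbind fragments only (SEQUENCE { OID, NULL }), not full packets.
def _varbind(oid):
    tlv = encode_oid(oid) + b"\x05\x00"
    return bytes([0x30, len(tlv)]) + tlv

SAMPLE = [
    ("192.0.2.10", _varbind(WATCHED_OIDS[0])),        # management station
    ("203.0.113.7", _varbind(WATCHED_OIDS[1])),       # unexpected peer
    ("203.0.113.7", _varbind("1.3.6.1.2.1.1.1.0")),   # sysDescr, not watched
]

ALERTS = review(SAMPLE, allowed_sources={"192.0.2.10"})
```

Run it over payloads in both directions on UDP/161, since a response carries the same OID encoding as the request that asked for it.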
Exploit
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Thomson Dwg849
Thomson Dwg850-4
Thomson Dwg855
Thomson Twg870