PT-2018-15353 · Ubee · Ubee Dvw2110+1

Capitan Alfalo

Published

2018-12-23

Updated

2019-10-03

CVE-2018-20400

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ubee DVW2108 version 6.28.1017 Ubee DVW2110 version 6.28.2012

Description The issue allows remote attackers to discover credentials. This is achieved via specific SNMP requests, including "iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" and "iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0".

Recommendations For Ubee DVW2108 version 6.28.1017, restrict access to the SNMP service to minimize the risk of exploitation. For Ubee DVW2110 version 6.28.2012, consider disabling the SNMP protocol until a patch is available.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-20400

Affected Products

Ubee Dvw2108

Ubee Dvw2110

PT-2018-15353 · Ubee · Ubee Dvw2110+1

CVE-2018-20400

Weakness Enumeration

Related Identifiers

Affected Products

References · 4