PT-2018-2105 · D Link · Dcm-704+1

Capitan Alfalo

Published

2018-12-25

Updated

2021-04-23

CVE-2018-20445

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606 D-Link DCM-704 version EU DCM-704 1.10

Description The issue is related to errors in processing SNMP requests, which can allow a remote attacker to disclose credentials. Specifically, attackers can discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.

Recommendations For D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606, consider disabling SNMP until a patch is available. For D-Link DCM-704 version EU DCM-704 1.10, restrict access to the vulnerable SNMP endpoints to minimize the risk of exploitation.

Exploit

Fix

Insufficiently Protected Credentials

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-200

Related Identifiers

BDU:2019-00056

CVE-2018-20445

Affected Products

Dcm-604

Dcm-704

PT-2018-2105 · D Link · Dcm-704+1

CVE-2018-20445

Weakness Enumeration

Related Identifiers

Affected Products

References · 5