Sign-up

ID

VAR-201704-0602


CVE

CVE-2017-5135


TITLE

Technicolor DPC3928SL Vulnerabilities related to access control in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-003673

DESCRIPTION

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability. Technicolor ( Old Cisco) DPC3928SL There is an access control vulnerability in the firmware. In addition, GitHub Repository string-bleed/StringBleed-CVE-2017-5135 Is 2017 Year 4 Moon 27 Not valid as of the day. It may contain trojan code that exploits this vulnerability.Information may be obtained and information may be altered. Technicolor DPC3928SL is prone to an authentication-bypass vulnerability. Exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Technicolor DPC3928SL is a cable modem from the French Technicolor Group. A remote attacker could exploit this vulnerability to bypass access controls and execute code

Trust: 2.07

sources: NVD: CVE-2017-5135 // JVNDB: JVNDB-2017-003673 // BID: 98092 // VULHUB: VHN-113338 // VULMON: CVE-2017-5135

AFFECTED PRODUCTS

vendor:technicolormodel:dpc3928slscope:eqversion:d3928sl-p15-13-a386-c3420r55105-160127a

Trust: 2.4

vendor:technicolormodel:dpc3928sl d3928sl-p15-13-a386-scope: - version: -

Trust: 0.3

sources: BID: 98092 // JVNDB: JVNDB-2017-003673 // CNNVD: CNNVD-201704-1498 // NVD: CVE-2017-5135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5135
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5135
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201704-1498
value: CRITICAL

Trust: 0.6

VULHUB: VHN-113338
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-5135
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5135
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-113338
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5135
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-113338 // VULMON: CVE-2017-5135 // JVNDB: JVNDB-2017-003673 // CNNVD: CNNVD-201704-1498 // NVD: CVE-2017-5135

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-113338 // JVNDB: JVNDB-2017-003673 // NVD: CVE-2017-5135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1498

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201704-1498

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003673

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-113338 // 
            
            
            
            VULMON: CVE-2017-5135

PATCH
title:Top Pageurl:http://www.technicolor.com/
Trust: 0.8
title:Brocade Security Advisories: BSA-2017-316url:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=c2dee36877418c50b2cd2d6753b1608f
Trust: 0.1
title:MS17-010url:https://github.com/oneplus-x/MS17-010 
Trust: 0.1
title:awesome-hacking-listsurl:https://github.com/udpsec/awesome-hacking-lists 
Trust: 0.1
title:awesome-hacking-listsurl:https://github.com/NetW0rK1le3r/awesome-hacking-lists 
Trust: 0.1
title:awesome-hacking-listsurl:https://github.com/taielab/awesome-hacking-lists 
Trust: 0.1
title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers 
Trust: 0.1
title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/several-cable-modem-models-affected-by-snmp-god-mode-flaw/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-5135 // 
            
            
            
            JVNDB: JVNDB-2017-003673

EXTERNAL IDS
db:BIDid:98092
Trust: 2.9
db:NVDid:CVE-2017-5135
Trust: 2.9
db:JVNDBid:JVNDB-2017-003673
Trust: 0.8
db:CNNVDid:CNNVD-201704-1498
Trust: 0.7
db:EXPLOIT-DBid:43384
Trust: 0.2
db:VULHUBid:VHN-113338
Trust: 0.1
db:VULMONid:CVE-2017-5135
Trust: 0.1
sources:
            
            
            VULHUB: VHN-113338 // 
            
            
            
            VULMON: CVE-2017-5135 // 
            
            
            
            BID: 98092 // 
            
            
            
            JVNDB: JVNDB-2017-003673 // 
            
            
            
            CNNVD: CNNVD-201704-1498 // 
            
            
            
            NVD: CVE-2017-5135

REFERENCES
url:https://stringbleed.github.io/
Trust: 2.1
url:https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/
Trust: 2.1
url:http://www.securityfocus.com/bid/98092
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5135
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5135
Trust: 0.8
url:http://www.securityfocus.com/bid/98092/info
Trust: 0.8
url:http://www.technicolorbroadbandpartner.com/
Trust: 0.3
url:https://github.com/string-bleed/stringbleed-cve-2017-5135
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/43384/
Trust: 0.1
url:https://github.com/oneplus-x/ms17-010
Trust: 0.1
url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-316/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-113338 // 
            
            
            
            VULMON: CVE-2017-5135 // 
            
            
            
            BID: 98092 // 
            
            
            
            JVNDB: JVNDB-2017-003673 // 
            
            
            
            CNNVD: CNNVD-201704-1498 // 
            
            
            
            NVD: CVE-2017-5135

CREDITS
Ezequiel Fernandez (Argentina) and Bertin Bervis (Costa Rica).
Trust: 0.3
sources:
            
            
            BID: 98092

SOURCES
db:VULHUBid:VHN-113338
db:VULMONid:CVE-2017-5135
db:BIDid:98092
db:JVNDBid:JVNDB-2017-003673
db:CNNVDid:CNNVD-201704-1498
db:NVDid:CVE-2017-5135

LAST UPDATE DATE
2025-04-20T23:05:10.165000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-113338date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-5135date:2019-10-03T00:00:00
db:BIDid:98092date:2017-05-02T00:11:00
db:JVNDBid:JVNDB-2017-003673date:2017-06-02T00:00:00
db:CNNVDid:CNNVD-201704-1498date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5135date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-113338date:2017-04-27T00:00:00
db:VULMONid:CVE-2017-5135date:2017-04-27T00:00:00
db:BIDid:98092date:2017-04-04T00:00:00
db:JVNDBid:JVNDB-2017-003673date:2017-06-02T00:00:00
db:CNNVDid:CNNVD-201704-1498date:2017-04-28T00:00:00
db:NVDid:CVE-2017-5135date:2017-04-27T15:59:00.150