Sign-up

ID

VAR-201812-0673


CVE

CVE-2018-20381


TITLE

Technicolor DPC2320 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013833

DESCRIPTION

Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Technicolor DPC2320 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor DPC2320 is a modem from Technicolor Group. Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20381 // JVNDB: JVNDB-2018-013833 // CNVD: CNVD-2019-42720 // VULHUB: VHN-131182

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42720

AFFECTED PRODUCTS

vendor:technicolormodel:dpc2320scope:eqversion:dpc2300r2-v202r1244101-150420a-v6

Trust: 1.8

vendor:technicolormodel:dpc2320 dpc2300r2-v202r1244101-150420a-v6scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-42720 // JVNDB: JVNDB-2018-013833 // NVD: CVE-2018-20381

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20381
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20381
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-42720
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-1039
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131182
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42720
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-131182
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20381
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-42720 // VULHUB: VHN-131182 // JVNDB: JVNDB-2018-013833 // CNNVD: CNNVD-201812-1039 // NVD: CVE-2018-20381

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-131182 // JVNDB: JVNDB-2018-013833 // NVD: CVE-2018-20381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1039

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1039

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013833

PATCH
title:TopPageurl:https://www.technicolor.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013833

EXTERNAL IDS
db:NVDid:CVE-2018-20381
Trust: 3.1
db:JVNDBid:JVNDB-2018-013833
Trust: 0.8
db:CNNVDid:CNNVD-201812-1039
Trust: 0.7
db:CNVDid:CNVD-2019-42720
Trust: 0.6
db:VULHUBid:VHN-131182
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-42720 // 
            
            
            
            VULHUB: VHN-131182 // 
            
            
            
            JVNDB: JVNDB-2018-013833 // 
            
            
            
            CNNVD: CNNVD-201812-1039 // 
            
            
            
            NVD: CVE-2018-20381

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-20381
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20381
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-42720 // 
            
            
            
            VULHUB: VHN-131182 // 
            
            
            
            JVNDB: JVNDB-2018-013833 // 
            
            
            
            CNNVD: CNNVD-201812-1039 // 
            
            
            
            NVD: CVE-2018-20381

SOURCES
db:CNVDid:CNVD-2019-42720
db:VULHUBid:VHN-131182
db:JVNDBid:JVNDB-2018-013833
db:CNNVDid:CNNVD-201812-1039
db:NVDid:CVE-2018-20381

LAST UPDATE DATE
2024-11-23T23:08:32.294000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-42720date:2019-11-28T00:00:00
db:VULHUBid:VHN-131182date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-013833date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-1039date:2020-10-22T00:00:00
db:NVDid:CVE-2018-20381date:2024-11-21T04:01:22.010

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-42720date:2019-11-28T00:00:00
db:VULHUBid:VHN-131182date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013833date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201812-1039date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20381date:2018-12-23T21:29:00.357