Sign-up

ID

VAR-201812-0674


CVE

CVE-2018-20382


TITLE

Jiuzhou BCM93383WRG Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013553

DESCRIPTION

Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Jiuzhou BCM93383WRG The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Jiuzhou BCM93383WRG is a modem. There is a security vulnerability in Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 version

Trust: 1.71

sources: NVD: CVE-2018-20382 // JVNDB: JVNDB-2018-013553 // VULHUB: VHN-131183

AFFECTED PRODUCTS

vendor:jezetek intlmodel:bcm93383wrgscope:eqversion:3.0.7

Trust: 1.6

vendor:jiuzhoumodel:bcm93383wrgscope:eqversion:139.4410mp1.3921132mp1.899.004404.004

Trust: 0.8

sources: JVNDB: JVNDB-2018-013553 // CNNVD: CNNVD-201812-1040 // NVD: CVE-2018-20382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20382
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20382
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1040
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131183
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20382
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131183
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20382
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131183 // JVNDB: JVNDB-2018-013553 // CNNVD: CNNVD-201812-1040 // NVD: CVE-2018-20382

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131183 // JVNDB: JVNDB-2018-013553 // NVD: CVE-2018-20382

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1040

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1040

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013553

PATCH
title:Top Pageurl:http://www.jiuzhoupharma.com/about-e.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013553

EXTERNAL IDS
db:NVDid:CVE-2018-20382
Trust: 2.5
db:JVNDBid:JVNDB-2018-013553
Trust: 0.8
db:CNNVDid:CNNVD-201812-1040
Trust: 0.7
db:VULHUBid:VHN-131183
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131183 // 
            
            
            
            JVNDB: JVNDB-2018-013553 // 
            
            
            
            CNNVD: CNNVD-201812-1040 // 
            
            
            
            NVD: CVE-2018-20382

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20382
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20382
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131183 // 
            
            
            
            JVNDB: JVNDB-2018-013553 // 
            
            
            
            CNNVD: CNNVD-201812-1040 // 
            
            
            
            NVD: CVE-2018-20382

SOURCES
db:VULHUBid:VHN-131183
db:JVNDBid:JVNDB-2018-013553
db:CNNVDid:CNNVD-201812-1040
db:NVDid:CVE-2018-20382

LAST UPDATE DATE
2024-11-23T22:41:38.458000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131183date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013553date:2019-02-25T00:00:00
db:CNNVDid:CNNVD-201812-1040date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20382date:2024-11-21T04:01:22.153

SOURCES RELEASE DATE
db:VULHUBid:VHN-131183date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013553date:2019-02-25T00:00:00
db:CNNVDid:CNNVD-201812-1040date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20382date:2018-12-23T21:29:00.420