Sign-up

ID

VAR-201812-0683


CVE

CVE-2018-20391


TITLE

TEKNOTEL CBW700N Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013751

DESCRIPTION

TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. TEKNOTEL CBW700N The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TEKNOTEL CBW700N is a modem. A security vulnerability exists in TEKNOTEL CBW700N version 81.447.392110.729.024

Trust: 1.71

sources: NVD: CVE-2018-20391 // JVNDB: JVNDB-2018-013751 // VULHUB: VHN-131193

AFFECTED PRODUCTS

vendor:teknotelmodel:cbw700nscope:eqversion:81.447.392110.729.024

Trust: 2.4

sources: JVNDB: JVNDB-2018-013751 // CNNVD: CNNVD-201812-1049 // NVD: CVE-2018-20391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20391
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20391
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1049
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20391
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20391
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131193 // JVNDB: JVNDB-2018-013751 // CNNVD: CNNVD-201812-1049 // NVD: CVE-2018-20391

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131193 // JVNDB: JVNDB-2018-013751 // NVD: CVE-2018-20391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1049

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1049

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013751

EXTERNAL IDS
db:NVDid:CVE-2018-20391
Trust: 2.5
db:JVNDBid:JVNDB-2018-013751
Trust: 0.8
db:CNNVDid:CNNVD-201812-1049
Trust: 0.7
db:VULHUBid:VHN-131193
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131193 // 
            
            
            
            JVNDB: JVNDB-2018-013751 // 
            
            
            
            CNNVD: CNNVD-201812-1049 // 
            
            
            
            NVD: CVE-2018-20391

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20391
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20391
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131193 // 
            
            
            
            JVNDB: JVNDB-2018-013751 // 
            
            
            
            CNNVD: CNNVD-201812-1049 // 
            
            
            
            NVD: CVE-2018-20391

SOURCES
db:VULHUBid:VHN-131193
db:JVNDBid:JVNDB-2018-013751
db:CNNVDid:CNNVD-201812-1049
db:NVDid:CVE-2018-20391

LAST UPDATE DATE
2024-11-23T22:34:03.908000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131193date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013751date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-1049date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20391date:2024-11-21T04:01:23.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-131193date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013751date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-1049date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20391date:2018-12-23T21:29:00.950