Details of VAR-201812-0686

ID

VAR-201812-0686

CVE

CVE-2018-20394

TITLE

plural Thomson Vulnerabilities related to certificate and password management in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013739

DESCRIPTION

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Thomson Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Thomson DWG849 etc. are all modem products. A security vulnerability exists in several Thomson products. The following products and versions are affected: Thomson DWG849 STC version 0.01.16; DWG850-4 ST9C.05.25 version; DWG855 ST80.20.26 version; TWG870 STB version 2.01.36

Trust: 1.8

sources: NVD: CVE-2018-20394 // JVNDB: JVNDB-2018-013739 // VULHUB: VHN-131196 // VULMON: CVE-2018-20394

AFFECTED PRODUCTS

vendor:	technicolor	model:	dwg849	scope:	eq	version:	stc0.01.16	Trust: 2.4
vendor:	technicolor	model:	dwg850-4	scope:	eq	version:	st9c.05.25	Trust: 2.4
vendor:	technicolor	model:	dwg855	scope:	eq	version:	st80.20.26	Trust: 2.4
vendor:	technicolor	model:	twg870	scope:	eq	version:	stb2.01.36	Trust: 2.4

sources: JVNDB: JVNDB-2018-013739 // CNNVD: CNNVD-201812-1052 // NVD: CVE-2018-20394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20394
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20394
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-1052
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131196
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-20394
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20394
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-131196
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20394
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-131196 // VULMON: CVE-2018-20394 // JVNDB: JVNDB-2018-013739 // CNNVD: CNNVD-201812-1052 // NVD: CVE-2018-20394

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131196 // JVNDB: JVNDB-2018-013739 // NVD: CVE-2018-20394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1052

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1052

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013739

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013739

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20394	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-013739	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1052	Trust: 0.7
db:	VULHUB	id:	VHN-131196	Trust: 0.1
db:	VULMON	id:	CVE-2018-20394	Trust: 0.1

sources: VULHUB: VHN-131196 // VULMON: CVE-2018-20394 // JVNDB: JVNDB-2018-013739 // CNNVD: CNNVD-201812-1052 // NVD: CVE-2018-20394

REFERENCES

url:	https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv	Trust: 2.6
url:	https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20394	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20394	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-131196 // VULMON: CVE-2018-20394 // JVNDB: JVNDB-2018-013739 // CNNVD: CNNVD-201812-1052 // NVD: CVE-2018-20394

SOURCES

db:	VULHUB	id:	VHN-131196
db:	VULMON	id:	CVE-2018-20394
db:	JVNDB	id:	JVNDB-2018-013739
db:	CNNVD	id:	CNNVD-201812-1052
db:	NVD	id:	CVE-2018-20394

LAST UPDATE DATE

2024-11-23T22:21:52.237000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-131196	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-20394	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013739	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-1052	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20394	date:	2024-11-21T04:01:23.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-131196	date:	2018-12-23T00:00:00
db:	VULMON	id:	CVE-2018-20394	date:	2018-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013739	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-1052	date:	2018-12-24T00:00:00
db:	NVD	id:	CVE-2018-20394	date:	2018-12-23T21:29:01.153