Sign-up

ID

VAR-201812-0687


CVE

CVE-2018-20395


TITLE

NETWAVE MNG6200 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013542

DESCRIPTION

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NETWAVE MNG6200 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETWAVE MNG6200 is a modem product. A security vulnerability exists in NETWAVE MNG6200 C4835805jrc12FU121413.cpr version

Trust: 1.71

sources: NVD: CVE-2018-20395 // JVNDB: JVNDB-2018-013542 // VULHUB: VHN-131197

AFFECTED PRODUCTS

vendor:net wavemodel:ming6200scope:eqversion:c4835805jrc12fu121413.cpr

Trust: 1.6

vendor:netwavemodel:mng6200scope:eqversion:c4835805jrc12fu121413.cpr

Trust: 0.8

sources: JVNDB: JVNDB-2018-013542 // CNNVD: CNNVD-201812-1053 // NVD: CVE-2018-20395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20395
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20395
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1053
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131197
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20395
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131197
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20395
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131197 // JVNDB: JVNDB-2018-013542 // CNNVD: CNNVD-201812-1053 // NVD: CVE-2018-20395

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131197 // JVNDB: JVNDB-2018-013542 // NVD: CVE-2018-20395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1053

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013542

EXTERNAL IDS
db:NVDid:CVE-2018-20395
Trust: 2.5
db:JVNDBid:JVNDB-2018-013542
Trust: 0.8
db:CNNVDid:CNNVD-201812-1053
Trust: 0.7
db:VULHUBid:VHN-131197
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131197 // 
            
            
            
            JVNDB: JVNDB-2018-013542 // 
            
            
            
            CNNVD: CNNVD-201812-1053 // 
            
            
            
            NVD: CVE-2018-20395

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20395
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20395
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131197 // 
            
            
            
            JVNDB: JVNDB-2018-013542 // 
            
            
            
            CNNVD: CNNVD-201812-1053 // 
            
            
            
            NVD: CVE-2018-20395

SOURCES
db:VULHUBid:VHN-131197
db:JVNDBid:JVNDB-2018-013542
db:CNNVDid:CNNVD-201812-1053
db:NVDid:CVE-2018-20395

LAST UPDATE DATE
2024-11-23T22:45:08.109000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131197date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013542date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1053date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20395date:2024-11-21T04:01:24.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-131197date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013542date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1053date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20395date:2018-12-23T21:29:01.217