Sign-up

ID

VAR-201812-0707


CVE

CVE-2018-20396


TITLE

NET&SYS MNG2120J and MNG6300 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013541

DESCRIPTION

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. NET&SYS MNG2120J and MNG6300 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NET&SYS MNG2120J and MNG6300 are both cable modem products of Korea NET&SYS Company. A security vulnerability exists in NET&SYS MNG2120J version 5.76.1006c and MNG6300 version 5.83.6305jrc2

Trust: 1.71

sources: NVD: CVE-2018-20396 // JVNDB: JVNDB-2018-013541 // VULHUB: VHN-131198

AFFECTED PRODUCTS

vendor:telaummodel:ming2120jscope:eqversion:5.76.1006c

Trust: 1.0

vendor:telaummodel:ming6300scope:eqversion:5.83.6305jrc2

Trust: 1.0

vendor:net sysmodel:mng2120jscope:eqversion:5.76.1006c

Trust: 0.8

vendor:net sysmodel:mng6300scope:eqversion:5.83.6305jrc2

Trust: 0.8

vendor:net wavemodel:ming6300scope:eqversion:5.83.6305jrc2

Trust: 0.6

vendor:net wavemodel:ming2120jscope:eqversion:5.76.1006c

Trust: 0.6

sources: JVNDB: JVNDB-2018-013541 // CNNVD: CNNVD-201812-1054 // NVD: CVE-2018-20396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20396
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20396
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1054
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131198
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20396
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131198
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20396
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-20396
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-131198 // JVNDB: JVNDB-2018-013541 // CNNVD: CNNVD-201812-1054 // NVD: CVE-2018-20396

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131198 // JVNDB: JVNDB-2018-013541 // NVD: CVE-2018-20396

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1054

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1054

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013541

EXTERNAL IDS
db:NVDid:CVE-2018-20396
Trust: 2.5
db:JVNDBid:JVNDB-2018-013541
Trust: 0.8
db:CNNVDid:CNNVD-201812-1054
Trust: 0.7
db:VULHUBid:VHN-131198
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131198 // 
            
            
            
            JVNDB: JVNDB-2018-013541 // 
            
            
            
            CNNVD: CNNVD-201812-1054 // 
            
            
            
            NVD: CVE-2018-20396

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20396
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20396
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131198 // 
            
            
            
            JVNDB: JVNDB-2018-013541 // 
            
            
            
            CNNVD: CNNVD-201812-1054 // 
            
            
            
            NVD: CVE-2018-20396

SOURCES
db:VULHUBid:VHN-131198
db:JVNDBid:JVNDB-2018-013541
db:CNNVDid:CNNVD-201812-1054
db:NVDid:CVE-2018-20396

LAST UPDATE DATE
2024-11-23T22:21:52.213000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131198date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013541date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1054date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20396date:2024-11-21T04:01:24.197

SOURCES RELEASE DATE
db:VULHUBid:VHN-131198date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013541date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1054date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20396date:2018-12-23T21:29:01.280