Details of VAR-201812-0709

ID

VAR-201812-0709

CVE

CVE-2018-20398

TITLE

plural Skyworth Vulnerabilities related to certificate and password management in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013532

DESCRIPTION

Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Skyworth Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Skyworth CM5100 and others are different types of cable modem products of China Skyworth Group. Security flaws exist in several Skyworth products. The following products and versions are affected: Skyworth CM5100 version 1.1.0; CM5100-440 version 1.2.1; CM5100-511 version 4.1.0.14; CM5100-GHD00 version 1.2.2; CM5100.g2 version 4.1.0.17

Trust: 1.71

sources: NVD: CVE-2018-20398 // JVNDB: JVNDB-2018-013532 // VULHUB: VHN-131200

AFFECTED PRODUCTS

vendor:	skyworthdigital	model:	cm5100-511	scope:	eq	version:	4.1.0.14	Trust: 1.6
vendor:	skyworthdigital	model:	cm5100	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	skyworthdigital	model:	cm5100-440	scope:	eq	version:	1.2.1	Trust: 1.6
vendor:	skyworthdigital	model:	cm5100.g2	scope:	eq	version:	4.1.0.17	Trust: 1.6
vendor:	skyworthdigital	model:	cm5100-ghd00	scope:	eq	version:	1.2.2	Trust: 1.6
vendor:	skyworth digital holdings	model:	cm5100	scope:	eq	version:	1.1.0	Trust: 0.8
vendor:	skyworth digital holdings	model:	cm5100-440	scope:	eq	version:	1.2.1	Trust: 0.8
vendor:	skyworth digital holdings	model:	cm5100-511	scope:	eq	version:	4.1.0.14	Trust: 0.8
vendor:	skyworth digital holdings	model:	cm5100-ghd00	scope:	eq	version:	1.2.2	Trust: 0.8
vendor:	skyworth digital holdings	model:	cm5100.g2	scope:	eq	version:	4.1.0.17	Trust: 0.8

sources: JVNDB: JVNDB-2018-013532 // CNNVD: CNNVD-201812-1056 // NVD: CVE-2018-20398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20398
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20398
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-1056
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131200
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20398
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-131200
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20398
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-131200 // JVNDB: JVNDB-2018-013532 // CNNVD: CNNVD-201812-1056 // NVD: CVE-2018-20398

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131200 // JVNDB: JVNDB-2018-013532 // NVD: CVE-2018-20398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1056

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1056

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013532

PATCH

title:

Top Page

url:

http://www.skyworth.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013532

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20398	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013532	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1056	Trust: 0.7
db:	VULHUB	id:	VHN-131200	Trust: 0.1

sources: VULHUB: VHN-131200 // JVNDB: JVNDB-2018-013532 // CNNVD: CNNVD-201812-1056 // NVD: CVE-2018-20398

REFERENCES

url:	https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv	Trust: 2.5
url:	https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20398	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20398	Trust: 0.8

sources: VULHUB: VHN-131200 // JVNDB: JVNDB-2018-013532 // CNNVD: CNNVD-201812-1056 // NVD: CVE-2018-20398

SOURCES

db:	VULHUB	id:	VHN-131200
db:	JVNDB	id:	JVNDB-2018-013532
db:	CNNVD	id:	CNNVD-201812-1056
db:	NVD	id:	CVE-2018-20398

LAST UPDATE DATE

2024-11-23T22:48:31.398000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-131200	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013532	date:	2019-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201812-1056	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20398	date:	2024-11-21T04:01:24.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-131200	date:	2018-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013532	date:	2019-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201812-1056	date:	2018-12-24T00:00:00
db:	NVD	id:	CVE-2018-20398	date:	2018-12-23T21:29:01.420