Sign-up

ID

VAR-201812-0711


CVE

CVE-2018-20400


TITLE

Ubee DVW2108 and DVW2110 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013536

DESCRIPTION

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Ubee DVW2108 and DVW2110 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Ubee DVW2108 and DVW2110 are modem products of Ubee Interactive Company. There are security vulnerabilities in Ubee DVW2108 version 6.28.1017 and DVW2110 version 6.28.2012

Trust: 1.71

sources: NVD: CVE-2018-20400 // JVNDB: JVNDB-2018-013536 // VULHUB: VHN-131203

AFFECTED PRODUCTS

vendor:ubeeinteractivemodel:dvw2110scope:eqversion:6.28.2012

Trust: 1.6

vendor:ubeeinteractivemodel:dvw2108scope:eqversion:6.28.1017

Trust: 1.6

vendor:ubee interactivemodel:dvw2108scope:eqversion:6.28.1017

Trust: 0.8

vendor:ubee interactivemodel:dvw2110scope:eqversion:6.28.2012

Trust: 0.8

sources: JVNDB: JVNDB-2018-013536 // CNNVD: CNNVD-201812-1058 // NVD: CVE-2018-20400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20400
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20400
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1058
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131203
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20400
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131203
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20400
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131203 // JVNDB: JVNDB-2018-013536 // CNNVD: CNNVD-201812-1058 // NVD: CVE-2018-20400

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131203 // JVNDB: JVNDB-2018-013536 // NVD: CVE-2018-20400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1058

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1058

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013536

PATCH
title:Top Pageurl:http://www.ubeeinteractive.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013536

EXTERNAL IDS
db:NVDid:CVE-2018-20400
Trust: 2.5
db:JVNDBid:JVNDB-2018-013536
Trust: 0.8
db:CNNVDid:CNNVD-201812-1058
Trust: 0.7
db:VULHUBid:VHN-131203
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131203 // 
            
            
            
            JVNDB: JVNDB-2018-013536 // 
            
            
            
            CNNVD: CNNVD-201812-1058 // 
            
            
            
            NVD: CVE-2018-20400

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20400
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20400
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131203 // 
            
            
            
            JVNDB: JVNDB-2018-013536 // 
            
            
            
            CNNVD: CNNVD-201812-1058 // 
            
            
            
            NVD: CVE-2018-20400

SOURCES
db:VULHUBid:VHN-131203
db:JVNDBid:JVNDB-2018-013536
db:CNNVDid:CNNVD-201812-1058
db:NVDid:CVE-2018-20400

LAST UPDATE DATE
2024-11-23T22:58:48.414000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131203date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013536date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1058date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20400date:2024-11-21T04:01:24.757

SOURCES RELEASE DATE
db:VULHUBid:VHN-131203date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013536date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1058date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20400date:2018-12-23T21:29:01.513