Details of VAR-201812-0738

ID

VAR-201812-0738

CVE

CVE-2018-20438

TITLE

TC7110.AR Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013581

DESCRIPTION

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. TC7110.AR The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor TC7110.AR is a cable modem of the French Technicolor Group. Technicolor TC7110.AR STD 3.38.03 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20438 // JVNDB: JVNDB-2018-013581 // CNVD: CNVD-2019-42719 // VULHUB: VHN-131244

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42719

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7110.ar	scope:	eq	version:	-	Trust: 1.6
vendor:	technicolor	model:	tc7110.ar	scope:	eq	version:	std3.38.03	Trust: 0.8
vendor:	technicolor	model:	tc7110.ar std3.38.03	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42719 // JVNDB: JVNDB-2018-013581 // CNNVD: CNNVD-201812-1111 // NVD: CVE-2018-20438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20438
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20438
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42719
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1111
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131244
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20438
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42719
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131244
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20438
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42719 // VULHUB: VHN-131244 // JVNDB: JVNDB-2018-013581 // CNNVD: CNNVD-201812-1111 // NVD: CVE-2018-20438

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131244 // JVNDB: JVNDB-2018-013581 // NVD: CVE-2018-20438

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1111

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1111

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013581

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013581

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20438	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013581	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1111	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42719	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131244	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42719 // VULHUB: VHN-131244 // JVNDB: JVNDB-2018-013581 // CNNVD: CNNVD-201812-1111 // NVD: CVE-2018-20438

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20438	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20438	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42719 // VULHUB: VHN-131244 // JVNDB: JVNDB-2018-013581 // CNNVD: CNNVD-201812-1111 // NVD: CVE-2018-20438

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42719
db:	VULHUB	id:	VHN-131244
db:	JVNDB	id:	JVNDB-2018-013581
db:	CNNVD	id:	CNNVD-201812-1111
db:	NVD	id:	CVE-2018-20438

LAST UPDATE DATE

2025-01-30T22:27:37.994000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42719	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131244	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013581	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1111	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20438	date:	2024-11-21T04:01:29.090

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42719	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131244	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013581	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1111	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20438	date:	2018-12-25T15:29:00.490